A Visual Framework for Cybersecurity Risk Management Selection

State: Assigned to Onur Topalak
Published: 2023-06-12

In today's interconnected world, cybersecurity risk management is a critical component for organizations striving to protect their valuable assets from potential threats. However, navigating through the vast array of available cybersecurity risk management frameworks can be challenging, as each framework possesses unique attributes and requirements [1].

This thesis addresses the challenge of selecting an appropriate cybersecurity risk management framework by developing a visual framework that relies on attribute scoring functions [2]. The framework will be built upon an existing knowledge graph  [3] of risk standards [4] and enable users to input their specific requirements. Through attribute scoring functions, the framework will evaluate and rank the frameworks based on relevance and importance, presenting users with a visual representation of the most suitable options. By simplifying the selection process, this visual framework aims to empower organizations to make informed decisions regarding their cybersecurity risk management strategies and enhance their overall security posture. Thus, a web-based application shall be developed that supports users in the decision-making.

[1]  Barraza de la Paz, Juan Vicente, Luis Alberto Rodríguez-Picón, Víctor Morales-Rocha, and Soledad Vianey Torres-Argüelles: "A Systematic Review of Risk Management Methodologies for Complex Organizations in Industry 4.0 and 5.0" Systems 11, no. 5: 218, 2023

[2] Jenny Schmid, Jürgen Bernard.: "A Taxonomy of Attribute Scoring Functions", EuroVis Workshop on Visual Analytics (EuroVA) pp. 31-35, 2021

[3] Leslie F. Sikos: "Cybersecurity knowledge graphs", Knowledge and Information Systems, 2023

[4] Maximilian Huwyler: "Design and Implementation of a Comparison Tool for Selecting an Information Security Risk Assessment Method", Universität Zürich, Communication Systems Group, Department of Informatics, Zürich, Switzerland, March 2023, Available Online.

30% Design, 60% Implementation, 10% Documentation
Knowledge or Interest in Cybersecurity, Familiarity with Web Development

Supervisors: Jan von der Assen

back to the main page