Department of Computer, Control and Management Engineering

In the last years, several standards and frameworks have been developed to help organizations to increase the security of their Information Technology (IT) systems. In order to deal with the continuous evolution of the cyberattacks complexity, such solutions have to cope with an overwhelming set of concepts, and are perceived as complex and hard to implement. This paper presents a visual analytics solution targeted at dealing with the Italian Adaptation of the Cyber Security Framework (IACSF), derived by the National Institute of Standards and Technology (NIST) proposal, adaptation that, in its full complexity, presents the security managers with hundreds of scattered concepts, like functions, categories, subcategories, priorities, maturity levels, current and target profiles, and controls, making its adoption a complex activity. The system has been designed together with the security experts of one of the largest Italian public organization and has the goal of providing a continuous overview of the adoption process, providing a prioritizing view that helps in effectively planning the required activities. A prototype is available at: http://awareserver.dis.uniroma1.it:11768/crumbs/