Risk Management in the Current Digital Reality of Organizations

Daniel Jorge Ferreira, Henrique S. Mamede, Nuno Mateus-Coelho
Copyright: © 2023 | Pages: 20
DOI: 10.4018/979-8-3693-1528-6.ch003

Abstract

The global overview of the challenges faced in trying to minimise the risks of organisations in the face of cyber-attacks is arduous for any organisation. Defining an appropriate risk management model that proactively minimises cybersecurity incidents is a critical challenge. Many malicious attacks occur daily, and only sometimes is there an adequate response. There is a significant investment in research to identify the main factors that may cause such incidents, always trying to have the most appropriate response and, consequently, enhancing the response capacity and success. At the same time, several different methodologies evaluate risk management and the maturity level of organisations. Due to the lack of predictive models based on data (evidence), there is a significant investment in research to identify the main factors that may cause such incidents, and work has started on designing models based on artificial intelligence (AI). This research will go in the direction of developing a user-friendly model supporting the assessment of the methodological aspects of an organisation.
Chapter Preview

1. Introduction

Because this is the beginning stage of a PhD thesis on the challenging topic of information security, the work presented here is an exploration of what has to be done.

All of the models are conceptual and have not been put through any kind of experimentation; rather, they serve as the framework and the product of one year's worth of study, thus providing the basis for the work and artefact that are now in the process of being developed.

The subsequent step will consist of the investigation of the models that have been mentioned in this article and the resolution of the research queries.

The dilemma that arises from approaching danger while simultaneously failing to respond to security incidents is discussed in the book “Risk Assessment and Decision Analysis with Bayesian Networks” (Abu, 2018). It is indicated in that passage that common approaches like risk registers and heat maps are not sufficient to manage the risk assessment in an appropriate manner. On the other hand, the book titled “Visualisation Analysis” (Ahmad et al., 2020) discusses the “clear advantages of using data visualisation to understand better the connections between these data compared to using textual or numerical forms” (page).

When managers working in cybersecurity have access to this information, they are able to make decisions more rapidly, evaluate the investment and return, and decide the significance of a decision. The powers of visualisation and interpretation are extremely important for these managers (Atkins & Lawson, 2020).

In order for businesses to continue their operations in the market, they had to go through a transition. This highlighted a cybersecurity risk that had been dormant up until that point and resulted in the creation of new organisational vulnerabilities (Yeoh et al., 2021).

The term “cybersecurity risk” has been used in a variety of ways, and only a handful of academics have developed definitive definitions for it. However, other researchers have investigated trends in these uses. For instance, Oltramari and Kott (2022) suggest that practitioners explain cyber risk in terms of a system's configuration rather than the possibility that damage would occur. This is in contrast to the common practice of focusing on the likelihood of damage occurring. Others describe risk assessment as the “general process of risk identification, risk analysis, and risk assessment,” whereas risk management is described as “coordinated activities to direct and control an organisation regarding risks” (Bowen et al., 2011).

Therefore, the visualisation and use of data are helpful in the process of decision-making, which is crucial for every organisation, regardless of size or nature, and has an effect on all of the system components (Conti et al., 2018). When it comes to making sound decisions, having access to high-quality information is absolutely necessary (Craigen et al., 2014).
