Visualizing Cybersecurity Coverage using MITRE ATT&CK Framework
DOI:
https://doi.org/10.47363/h33g7p82Keywords:
Cybersecurity, Risk Management, Information Visualization, Monte Carlo Simulation, Financial RiskAbstract
This paper presents an innovative approach to visualizing cybersecurity coverage within the Zscaler Risk360 product, leveraging the MITRE ATT&CK
framework. Emphasizing a user-centered design methodology, the study integrates the complex ATT&CK framework into a practical, interactive interface tailored for cybersecurity professionals. This interface combines qualitative and quantitative metrics, enabling users to assess the security posture of their organization effectively. The design process is informed by insights from semi-structured interviews with Chief Information Security Officers (CISOs) and subject matter experts, ensuring relevance and usability. The paper discusses key design decisions, including the integration of complex framework tree structures, color-coded coverage mappings, and a three-pane view for detailed analysis. Additionally, it explores extended use cases beyond the immediate application, suggesting potential for broader applications in various cybersecurity and compliance contexts. This work aims to enhance decision-making
in cybersecurity management and inspire future research and development in cybersecurity and data visualization tools.
Downloads
Published
Issue
Section
License
Copyright (c) 2023 Journal of Artificial Intelligence & Cloud Computing
This work is licensed under a Creative Commons Attribution 4.0 International License.
