A Lightweight Tool for Measuring the Impact of IT Security Controls in Critical Infrastructures
European Society for Socially Embedded Technologies (EUSSET)
IT security is a cost-intensive aspect of SMEs. Critical infrastructures, in particular, are increasingly dependent on good IT security. Increasing security, however, can limit the usability of existing applications and work processes. Based on empirical studies inclusive workshops in the field, we designed a lightweight tool and integrated it into an inter-organizational knowledge exchange platform. With the tool, we want to offer an opportunity to get experience and feedback directly from those employees, who are directly affected by IT security controls. So, the IT security officer can react to it and gain more insight into the impact of IT security controls. They are in the position to administrate the tool’s backend company-internally, while chosen data can be exported and discussed on the inter-organizational platform. Hence, this tool supports a community building effect on organizational and inter-organizational level.