A Solution to Selecting Cyber-Security Software Tools for an Organization Using Security Controls

Abstract: In the last decade, cyber-threats have evolved dramatically, forcing organizations yearafter year to use increasingly sophisticated security measures, security software amongothers. This has led to a huge increase in the number of security tools available in theindustry. The result of the increase is that that companies often do not know in whichsoftware to invest in order to meet their security needs. The purpose of this thesis isto address this problem by developing a solution that helps companies to choose theright security software based on their security needs and that allows to do the selectionprocess in a systematic and reliable way.The solution proposed in the thesis builds on interviews with experts in information security,data collection from the literature and Internet and on a case study. The solutionconsists of rstly an investigate method with which it is possible to categorize any securitytool according to the list of cyber-security controls proposed by CIS Critical SecurityControls (CSC), which were chosen after a comparative study with other publicly availablecontrols because they are actionable, relevant and updated frequently. Secondly,the solution proposes a user-friendly web tool that has been developed to allow the usersto visualize the collected information for comparison. The visualization tool will helpthe users to select the security tools in which the company could be interested to investin. The visualization is done in a simple way and the CSCs that would be covered areshown together with the gaps and the overlaps of the selected tools. In order to verifythe viability of the solution that was developed with real data, the project includes acase study with a representative set of security tools. The case study facilitates thecomprehension of the process undertaken and shows how this method could be appliedin a real case scenario.