The HORM Diagramming Tool: A Domain-Specific Modelling Tool for SME Cybersecurity Awareness

Costas Boletsis; Sefat Orni; Ragnhild Halvorsrud

doi:10.5220/0011786600003417

The HORM Diagramming Tool: A Domain-Specific Modelling Tool for SME Cybersecurity Awareness

Costas Boletsis, Sefat Orni, Ragnhild Halvorsrud

2023

Abstract

Improving security posture while addressing human errors made by employees are among the most challenging tasks for SMEs concerning cybersecurity risk management. To facilitate these measures, a domain-specific modelling tool for visualising cybersecurity-related user journeys, called the HORM Diagramming Tool (HORM-DT), is introduced. By visualising SMEs’ cybersecurity practices, HORM-DT aims to raise their cybersecurity awareness by highlighting the related gaps, thereby ultimately informing new or updated cyber-risk strategies. HORM-DT’s target group consists of SMEs’ employees with various areas of technical expertise and different backgrounds. The tool was developed as part of the Human and Organisational Risk Modelling (HORM) framework, and the underlying formalism is based on the Customer Journey Modelling Language (CJML) as extended by elements of the CORAS language to cover cybersecurity-related user journeys. HORM-DT is a fork of the open-source Diagrams.net software, which was modified to facilitate the creation of cybersecurity-related diagrams. To evaluate the tool, a usability study following a within-subject design was conducted with 29 participants. HORM-DT achieved a satisfactory system usability scale score of 80.69, and no statistically significant differences were found between participants with diverse diagramming tool experience. The tool’s usability was also praised by participants, although there were negative comments regarding its functionality of connecting elements with lines.

Download

Paper Citation

in Harvard Style

Boletsis C., Orni S. and Halvorsrud R. (2023). The HORM Diagramming Tool: A Domain-Specific Modelling Tool for SME Cybersecurity Awareness. In Proceedings of the 18th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications (VISIGRAPP 2023) - Volume 3: IVAPP; ISBN 978-989-758-634-7, SciTePress, pages 203-213. DOI: 10.5220/0011786600003417

in Bibtex Style

@conference{ivapp23,
author={Costas Boletsis and Sefat Orni and Ragnhild Halvorsrud},
title={The HORM Diagramming Tool: A Domain-Specific Modelling Tool for SME Cybersecurity Awareness},
booktitle={Proceedings of the 18th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications (VISIGRAPP 2023) - Volume 3: IVAPP},
year={2023},
pages={203-213},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0011786600003417},
isbn={978-989-758-634-7},
}

in EndNote Style

TY - CONF

JO - Proceedings of the 18th International Joint Conference on Computer Vision, Imaging and Computer Graphics Theory and Applications (VISIGRAPP 2023) - Volume 3: IVAPP
TI - The HORM Diagramming Tool: A Domain-Specific Modelling Tool for SME Cybersecurity Awareness
SN - 978-989-758-634-7
AU - Boletsis C.
AU - Orni S.
AU - Halvorsrud R.
PY - 2023
SP - 203
EP - 213
DO - 10.5220/0011786600003417
PB - SciTePress