SecBot: a Business-Driven Conversational Agent for Cybersecurity Planning and Management

Businesses were moving during the past decades to-ward full digital models, which made companies face new threatsand cyberattacks affecting their services and, consequently, theirprofits. To avoid negative impacts, companies’ investments incybersecurity are increasing considerably. However, Small andMedium-sized Enterprises (SMEs) operate on small budgets,minimal technical expertise, and few personnel to address cy-bersecurity threats. In order to address such challenges, it isessential to promote novel approaches that can intuitively presentcybersecurity-related technical information.This paper introduces SecBot, a cybersecurity-driven conver-sational agent (i.e., chatbot) for the support of cybersecurityplanning and management. SecBot applies concepts of neuralnetworks and Natural Language Processing (NLP), to interactand extract information from a conversation. SecBot can(a)identify cyberattacks based on related symptoms,(b)indicatesolutions and configurations according to business demands,and(c)provide insightful information for the decision on cy-bersecurity investments and risks. A formal description hadbeen developed to describe states, transitions, a language, anda Proof-of-Concept (PoC) implementation. A case study and aperformance evaluation were conducted to provide evidence ofthe proposed solution’s feasibility and accurac