Abstract

Security risk management is a vital part of any system development, including e-commerce and other information systems that need security. Notably, NIST has developed cyber security and privacy controls, such as SP-800-53, to facilitate risk management for federal information systems. By integrating such NIST-compliance security controls, our CSAT is innovative to offer a user-interactive software tool for effectively facilitating the robust and secure architecture development of information systems in the way of enhancing overall risk management. It specifically promotes the enhancement of risk management by composing reports/graphs in different NIST defined do-mains/controls/capabilities specification effectively. This helps to reduce development cost, time, and manpower by using the tool to quickly define information system security standards based on NIST's security and privacy guidelines. The development of such a tool is of importance for risk management, e.g., security evaluation, risk assessment, controls implementation, system security planning). It can be used to optimize the risk management in the information system architecture in the lowest cost, while increasing the security robustness by systemically providing NIST guideline and risk management in the information system development level.