Enhancing cybersecurity risk assessment using temporal knowledge graph-based explainable decision support system

Assessing cybersecurity policies is crucial for organisations to combat evolving cyber threats. The absence of comprehensive datasets has prevented prior studies from analysing cybersecurity policy risks. Past studies also neglected temporal information in policies, and attention-based analyses often lack automated determination of optimal attention units. Furthermore, the absence of interpretability in cybersecurity studies creates a barrier to understanding policy vulnerabilities and developing targeted solutions.

To address these challenges, this work proposes a decision support system that:

1. Enhances risk classification of organisations’ cybersecurity policies.
2. Develops a comprehensive cybersecurity policy dataset from 190 company websites, transformed into a knowledge graph to capture entities and relationships.
3. Provides explainable insights into policy vulnerabilities for targeted cybersecurity improvements.