Fähnrich, NicolasRoßnagel, HeikoRoßnagel, HeikoSchunck, Christian H.Mödersheim, Sebastian2022-06-072022-06-072022978-3-88579-719-7https://dl.gi.de/handle/20.500.12116/38699Small and medium sized companies (SMEs) are often insufficiently protected against cyberattacks although there is a wide range of cybersecurity guidelines, products and services availableIn this paper, we present an online tool to support SMEs in improving their IT-security level by enabling them to identify critical business processes and to identify the most pressing protection needs by using a lightweight value chain-based approach. For using the online tool, no expert knowledge of the company’s IT-infrastructure or implemented IT-security measures is required, since no assessment of cybersecurity threats but of the impact of potential damage scenarios on business processes is carried out. Based on a generated set of recommendations, companies are provided with suitable IT-security measures and corresponding offerings in a prioritized order. These offerings include services and products to implement the given recommendations.enIT-securityexpert systemvalue chainbayesian networkSMEdamage scenariosText/Conference Paper10.18420/OID2022_121617-5468