Ricerc@Sapienza

In the last years, several standards and frameworks have been developed to help organizations to increase the security of their Information Technology (IT) systems. In order to deal with the continuous evolution of the cyber-attacks complexity, such solutions have to cope with an overwhelming set of concepts, and are perceived as complex and hard to implement. The exploration of the cyber-security state of an organization can be made more effective and proficient if supported by the right level of automation.