CC BY-SAFähnrich, NicolasNicolasFähnrichRoßnagel, HeikoHeikoRoßnagel2022-07-042022-07-042022https://publica.fraunhofer.de/handle/publica/41855810.18420/OID2022_122-s2.0-85136265432Small and medium sized companies (SMEs) are often insufficiently protected against cyberattacks although there is a wide range of cybersecurity guidelines, products and services availableIn this paper, we present an online tool to support SMEs in improving their IT-security level by enabling them to identify critical business processes and to identify the most pressing protection needs by using a lightweight value chain-based approach. For using the online tool, no expert knowledge of the company’s IT-infrastructure or implemented IT-security measures is required, since no assessment of cybersecurity threats but of the impact of potential damage scenarios on business processes is carried out. Based on a generated set of recommendations, companies are provided with suitable IT-security measures and corresponding offerings in a prioritized order. These offerings include services and products to implement the given recommendations.enIT-securityexpert systemvalue chainbayesian networkSMEdamage scenariosconference paper