Software design is not a linear process, and designing a system from a research perspective, grounded from a theoretical perspective, requires active inputs while iterating through the design and development. This research presents the development of the Cybersecurity Readiness Assessment System (CRAS), designed to evaluate cybersecurity readiness through user-centric approaches. Employing the Design Science Research (DSR) methodology, the evolution of CRAS is envisioned from its initial form as a spreadsheet-based interface to its current design as a cloud-based web application. This work entails three stages: a framework for developing readiness-assessment systems, a detailed understanding of how user-interface (UI) elements influence the perception and outcome of CRAS, and the further development of a system that is theoretically grounded and yet applicable to the industry. The development process emphasizes iterative design stages, incorporating user feedback and Multi-Criteria Decision Making (MCDM) methods.

The UI is a crucial system component, serving as the primary means for eliciting users' input. The development of CRAS looked into the design of UI elements to elicit user input to make decisions. The design of UI elements and their impact is looked at through the lens of Digital Nudging(DN). We designed three UI formats for CRAS, which processed inputs using the same MCDM algorithm. This is done mainly to understand the impact of DN in the context of cybersecurity readiness context. Through DN, this research looks into how subtle UI cues can guide changes in decision outcomes, thereby significantly reducing cognitive load and time performance and changing perception. Through iterative development, this study merges theoretical insights with practical applications. The role of digital nudging in UI design emerges as a cornerstone of this study. We will present the results through a mixed-mode experimental design involving 155 participants (qualitative and quantitative feedback) with 22 subsequent interviews. We assessed the impact of three distinct UI designs on user interaction, perception, and decision outcomes. Findings reveal that digital nudging, through different UI formats, significantly influences user perception, reducing cognitive effort and enhancing decision quality.

Moreover, the study elucidates shifts in user perception before and after interacting with CRAS, indicating an improved understanding and awareness of cybersecurity threats and countermeasures. This research contributes to the cybersecurity field by demonstrating how a structured development approach grounded in DSR, coupled with innovative UI design and digital nudging strategies, can profoundly influence the design and effectiveness of cybersecurity readiness assessment systems, leading to more effective readiness assessment systems and heightened user awareness. Furthermore, we will briefly discuss how this system further incorporated industry-standard controls for assessing cybersecurity readiness, which is adaptable to industry needs. This entire journey will highlight the development of a system that is practical in its design and adaptable as per the industry type and the scenarios, which is also rooted in a theoretical perspective.

Keywords: Design Science Research, Cybersecurity Readiness, IS Artefact, Readiness Assessment, Cybersecurity Controls, Readiness Assessment Systems