Cybersecurity planning is challenging for digitized companies that want adequate protection without overspending. Currently, underinvestment and perverse economic incentives are the root causes of cyberattacks, which result in a range of economic impacts on companies worldwide. Therefore, cybersecurity planning has to consider both technical and economic dimensions to help companies achieve a better cybersecurity strategy. This article introduces SECAdvisor, a tool to support cybersecurity planning using economic models. SECAdvisor allows users to (a) understand the risks and valuation of different businesses' information, (b) calculate the optimal investment in cybersecurity for a company, (c) receive a recommendation of protections based on the available budget and demands, and (d) compare protection solutions in terms of cost-efficiency. Furthermore, evaluations of usability and real-world training activities performed using SECAdvisor are discussed.