Feb - Oct 2025

Nokia SRA

Security Risk Assessment Platform

Making risk visibility simple and actionable

Security Risk Assessment (SRA) is a critical part of Nokia's internal product assurance process. The existing system suffered from structural fragmentation and excessive manual effort.

  • 90%: Assessment time reduction
  • 25: Fewer decision points
  • 95%: Faster process speed
  • 19: Fewer clicks in navigation
  • ~30min: Daily time saved per user

01. The Challenge

Security Risk Assessment (SRA) is a critical part of Nokia's internal product assurance process. The existing system suffered from:

  • **Structural fragmentation** — inconsistent workflows across teams
  • **Limited visibility** — no unified view of emerging risk patterns
  • **Excessive manual effort** — specialists drowning in spreadsheet management

The primary goal was to redesign the SRA platform to enable intuitive vulnerability reporting, establish workflow consistency, and create a scalable system while preserving compliance requirements and traceability across distributed global teams.

02. Research & Discovery

I conducted a systematic investigation through:

  • Interviewing product security specialists
  • Engaging engineers and assessment leads
  • Mapping the existing end-to-end process

Critical Pain Points Identified:

**Fragmented Information Architecture**: Teams operated without unified vulnerability visibility across projects. Information remained siloed by department.

**Data Quality Issues**: Duplicate and outdated entries created confusion. Rework became necessary to resolve inconsistencies.

**Workflow Inefficiency**: Assessment specialists spent disproportionate time in spreadsheet management with limited capacity for actual risk analysis.

The research revealed the fundamental need: make risk visibility simple and actionable.

03. What Was Built

Solution: SRA Dashboard

A unified hub consolidating visibility and action capabilities. The redesign transformed the system from "a report" into "a control center."

Key Features:

**Risk Visualization**: Prioritized risk presentation through tile-based layout with color-coded severity classification for immediate pattern recognition.

**Lifecycle Management**: Unified timeline displaying complete vulnerability lifecycle progression with historical context for each entry.

**Navigation & Filtering**: Smart filtration by product, owner, and status. Reduced cognitive load through contextual organization.

**Process Guidance**: Structured review workflow with standardized step-by-step assessment process.

04. Design Philosophy

"Design here wasn't about aesthetics — it was about building trust through information flow."

The approach prioritized:

  • Visual clarity in technical environments
  • Systematic information hierarchy
  • Actionable data presentation

This project demonstrated how visual systems can drive clarity in deeply technical spaces, emphasizing that effective design in complex domains requires prioritizing information architecture and trust-building over aesthetic considerations.

// Skills & Technologies

  • Enterprise
  • Security
  • Dashboard
  • Information Architecture
Ganesh Shenoy — Designer who builds things