Development of process and tools for vulnerability management
Ylätalo, Anssi (2019)
2019
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:amk-2019111821419
https://urn.fi/URN:NBN:fi:amk-2019111821419
Tiivistelmä
The primary objective of this thesis was to improve vulnerability management within
cybersecurity domain by defining an unambiguous process to handle findings causing
threat to commissioner’s local ICT infrastructure. Also, supporting tools were to be studied and implemented or suggested. The mentionable secondary objectives were to improve the situational awareness by giving visibility to a security posture, and to enhance the quality of asset management information.
The study was carried out as a research-assisted development project using the constructive project model where the strengths of a traditional linear project model and a
spiral project model have been combined. The constructive development project emphasises interaction, participation and pedagogical way of working as primary
methodology. The most important data gathering methods were observation, participation, documentation intake and online meetings. The research work was done on top of authors daily work, in co-operation with key resources from commissioner’s organization.
The primary result of the research was a definition and an implementation of a vulnerability management process, including process key roles, responsibilities, tasks and KPIs. The process was streamlined for efficiency and simplicity. The secondary result was an implementation of a virtual vulnerability scanner infrastructure and a build of a dashboard for vulnerability information on an existing log management system.
Vulnerability management is a key component in planning and implementing security
controls and executing a risk assessment. The study suggests that having a formal process and proper tooling in place would improve risk management of an organisation, daily work efficiency and quality, situational awareness, and enhance asset data quality. The study showed that proper asset management is in a key role to execute the vulnerability management process successfully. Also, the study discovered that the process could be used for the remediation of deviations found by some other activities, like a compliancy scan. The improvement of tooling should continue with a SIEM system implementation on top of an existing log management system, and by enabling a credentialed vulnerability scanning.
cybersecurity domain by defining an unambiguous process to handle findings causing
threat to commissioner’s local ICT infrastructure. Also, supporting tools were to be studied and implemented or suggested. The mentionable secondary objectives were to improve the situational awareness by giving visibility to a security posture, and to enhance the quality of asset management information.
The study was carried out as a research-assisted development project using the constructive project model where the strengths of a traditional linear project model and a
spiral project model have been combined. The constructive development project emphasises interaction, participation and pedagogical way of working as primary
methodology. The most important data gathering methods were observation, participation, documentation intake and online meetings. The research work was done on top of authors daily work, in co-operation with key resources from commissioner’s organization.
The primary result of the research was a definition and an implementation of a vulnerability management process, including process key roles, responsibilities, tasks and KPIs. The process was streamlined for efficiency and simplicity. The secondary result was an implementation of a virtual vulnerability scanner infrastructure and a build of a dashboard for vulnerability information on an existing log management system.
Vulnerability management is a key component in planning and implementing security
controls and executing a risk assessment. The study suggests that having a formal process and proper tooling in place would improve risk management of an organisation, daily work efficiency and quality, situational awareness, and enhance asset data quality. The study showed that proper asset management is in a key role to execute the vulnerability management process successfully. Also, the study discovered that the process could be used for the remediation of deviations found by some other activities, like a compliancy scan. The improvement of tooling should continue with a SIEM system implementation on top of an existing log management system, and by enabling a credentialed vulnerability scanning.