Learning Centre

Vulnerability management service for product life cycle

 |  Login

Show simple item record

dc.contributor Aalto-yliopisto fi
dc.contributor Aalto University en
dc.contributor.advisor Frisk, Matti
dc.contributor.author Nikolov, Andon
dc.date.accessioned 2017-06-13T07:30:37Z
dc.date.available 2017-06-13T07:30:37Z
dc.date.issued 2017-05-22
dc.identifier.uri https://aaltodoc.aalto.fi/handle/123456789/26746
dc.description.abstract This thesis was commissioned by a large enterprise. The company requires a vulnerability management solution, which would enable them to manage vulnerabilities throughout the product life cycle. An analysis was required on whether such solution should be purchased or built as an internal project. This study was completed in two main phases. First, a make-or-buy decision was done based on the analysis. Second, a suitable VMS design and implementation was suggested. To collect input for the analysis, all potential users were identified and from them groups of volunteers were invited to interviews. The data from the focus group interviews was then processed and documented in the form of requirement specification for Vulnerability Management Service (VMS). Commercial off-the-shelf solutions were compared against the list of requirements. A second round of review was done with selected commercial products, which fulfilled majority of the requirements. As a result of the performed comparisons, this study concluded that building an own solution would deliver higher Return on Investment (ROI) in long term perspective. VMS stakeholders accepted the recommendation of this study and proceeded to fund the design and implementation. The study goes on to provide guidelines for service design and implementation based on industry best practices. This paper also introduces a useful maturity model for VMS capabilities and monitoring of the evolution of vulnerability management practices. en
dc.format.extent 66+7
dc.format.mimetype application/pdf en
dc.language.iso en en
dc.title Vulnerability management service for product life cycle en
dc.type G2 Pro gradu, diplomityö fi
dc.contributor.school Sähkötekniikan korkeakoulu fi
dc.subject.keyword vulnerability en
dc.subject.keyword management en
dc.subject.keyword product en
dc.subject.keyword life cycle en
dc.subject.keyword VMS en
dc.subject.keyword PLCM en
dc.identifier.urn URN:NBN:fi:aalto-201706135477
dc.programme.major Network Economics fi
dc.programme.mcode ETA3003 fi
dc.type.ontasot Master's thesis en
dc.type.ontasot Diplomityö fi
dc.contributor.supervisor Hämmäinen, Heikki
dc.programme CCIS - Master’s Programme in Computer, Communication and Information Sciences (TS2013) fi
dc.ethesisid Aalto 9613
dc.location P1 fi

Files in this item

This item appears in the following Collection(s)

Show simple item record

Search archive

Advanced Search

article-iconSubmit a publication