Vulnerability management service for product life cycle

School of Electrical Engineering | Master's thesis

Date

2017-05-22

Major/Subject

Network Economics

Mcode

ETA3003

Degree programme

CCIS - Master’s Programme in Computer, Communication and Information Sciences (TS2013)

Language

en

Pages

66+7

Abstract

This thesis was commissioned by a large enterprise. The company requires a vulnerability management solution that would enable it to manage vulnerabilities throughout the product life cycle. An analysis was required on whether such a solution should be purchased or built as an internal project. This study was completed in two main phases. First, a make-or-buy decision was made based on the analysis. Second, a suitable VMS design and implementation was suggested. To collect input for the analysis, all potential users were identified, and groups of volunteers from among them were invited to interviews. The data from the focus group interviews was then processed and documented in the form of a requirement specification for the Vulnerability Management Service (VMS). Commercial off-the-shelf solutions were compared against the list of requirements. A second round of review was done with selected commercial products that fulfilled the majority of the requirements. As a result of the comparisons performed, this study concluded that building an in-house solution would deliver a higher Return on Investment (ROI) in the long term. VMS stakeholders accepted the recommendation of this study and proceeded to fund the design and implementation. The study goes on to provide guidelines for service design and implementation based on industry best practices. This paper also introduces a useful maturity model for VMS capabilities and for monitoring the evolution of vulnerability management practices.

Supervisor

Hämmäinen, Heikki

Thesis advisor

Frisk, Matti

Keywords

vulnerability, management, product, life cycle, VMS, PLCM
