Vulnerability management service for product life cycle

Loading...
Thumbnail Image
Journal Title
Journal ISSN
Volume Title
Sähkötekniikan korkeakoulu | Master's thesis
Date
2017-05-22
Department
Major/Subject
Network Economics
Mcode
ETA3003
Degree programme
CCIS - Master’s Programme in Computer, Communication and Information Sciences (TS2013)
Language
en
Pages
66+7
Series
Abstract
This thesis was commissioned by a large enterprise. The company requires a vulnerability management solution, which would enable them to manage vulnerabilities throughout the product life cycle. An analysis was required on whether such solution should be purchased or built as an internal project. This study was completed in two main phases. First, a make-or-buy decision was done based on the analysis. Second, a suitable VMS design and implementation was suggested. To collect input for the analysis, all potential users were identified and from them groups of volunteers were invited to interviews. The data from the focus group interviews was then processed and documented in the form of requirement specification for Vulnerability Management Service (VMS). Commercial off-the-shelf solutions were compared against the list of requirements. A second round of review was done with selected commercial products, which fulfilled majority of the requirements. As a result of the performed comparisons, this study concluded that building an own solution would deliver higher Return on Investment (ROI) in long term perspective. VMS stakeholders accepted the recommendation of this study and proceeded to fund the design and implementation. The study goes on to provide guidelines for service design and implementation based on industry best practices. This paper also introduces a useful maturity model for VMS capabilities and monitoring of the evolution of vulnerability management practices.
Description
Supervisor
Hämmäinen, Heikki
Thesis advisor
Frisk, Matti
Keywords
vulnerability, management, product, life cycle, VMS, PLCM
Other note
Citation