Defining a Process for Statistical Analysis of Vulnerability Management using KPI
2017 (English) Independent thesis Advanced level (professional degree), 300 HE credits
Student thesis
Abstract [en]
In today's connected society, with rapidly advancing technology, there is an interest in offering technical services in our day-to-day life. Since these services are used to handle sensitive information and money, there are demands for increased information security. Sometimes errors occur in these systems that risk the security for both parties. These systems should be secured to maintain secure operations even though vulnerabilities occur.
Outpost24 is one company that specializes in vulnerability management. By using their scanning tool OUTSCAN™, Outpost24 can identify vulnerabilities in network components, such as firewalls, switches, printers, devices, servers, workstations and other computer systems. These results are then stored in a database. Within this study, the authors will work together with Outpost24 towards this data. The goal is to define a process for generation of vulnerability reports for the company. The process will perform a statistical analysis of the data and present the findings.
To solve the task a report was created, during which the process was documented. The work began with a background study into Key Performance Indicators (KPIs), in which the most common security KPIs were identified from similar works. A tool was also developed to help with the analysis. This resulted in a statistical analysis using Outpost24’s dataset. By presenting the data formatted by the KPIs, trends could be identified. This showed an overall trend of increasing vulnerabilities and the necessity for organizations to spend resources towards security. The KPIs offer other possibilities, such as creating a baseline for security evaluation using data from one year. In the future, one could use the KPIs to compare how the security situation has changed.
Place, publisher, year, edition, pages
2017.
Keywords [en]
Vulnerability, Networks, Key Performance Indicators, Statistics
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:bth-14723
OAI: oai:DiVA.org:bth-14723
DiVA, id: diva2:1115612
External cooperation
Outpost24
Subject / course
Degree Project in Master of Science in Engineering 30.0
Educational program
DVACD Master of Science in Computer Security
Supervisors
Examiners
2017-06-28 2017-06-27 2022-05-12 Bibliographically approved