Change search
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Defining a Process for Statistical Analysis of Vulnerability Management using KPI
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
Blekinge Institute of Technology, Faculty of Computing, Department of Computer Science and Engineering.
2017 (English)Independent thesis Advanced level (degree of Master (Two Years)), 300 HE creditsStudent thesis
Abstract [en]

In todays connected society, with rapidly advancing technology, there is an interest in offering technical services in our day to day life. Since these services are used to handle sensitive information and money, there are demands for increased information security. Sometimes errors occur in these systems that risk the security for both parties. These systems should be secured to maintain secure operations even though vulnerabilities occur.

Outpost24 is one company that specializes in vulnerability management. By using their scanning tool OUTSCAN™, Outpost24 can identify vulnerabilities in network components, such as firewalls, switches, printers, devices, servers, workstations and other computer systems. These results are then stored in a database. Within this study, the authors will work together with Outpost24 towards this data. The goal is to define a process for generation of vulnerability reports for the company. The process will perform a statistical analysis of the data and present the findings.

To solve the task a report was created, during which the process was documented. The work began with a background study into Key Performance Indicators (KPIs), in which the most common security KPIs were identified from similar works. A tool was also developed to help with the analysis. This resulted in a statistical analysis using Outpost24’s dataset. By presenting the data formatted by the KPIs, trends could be identified. This showed an overall trend of increasing vulnerabilities and the necessity for organizations to spend resources towards security. The KPIs offer other possibilities, such as creating a baseline for security evaluation using data from one year. In the future, one could use the KPIs to compare how the security situation has changed.

Place, publisher, year, edition, pages
2017.
Keyword [en]
Vulnerability, Networks, Key Performance Indicators, Statistics
National Category
Engineering and Technology
Identifiers
URN: urn:nbn:se:bth-14723OAI: oai:DiVA.org:bth-14723DiVA: diva2:1115612
External cooperation
Outpost24
Subject / course
Degree Project in Master of Science in Engineering 30.0
Educational program
DVACD Master of Science in Computer Security
Supervisors
Examiners
Available from: 2017-06-28 Created: 2017-06-27 Last updated: 2017-06-28Bibliographically approved

Open Access in DiVA

fulltext(1122 kB)16 downloads
File information
File name FULLTEXT02.pdfFile size 1122 kBChecksum SHA-512
0d8a2d5c7757026ffeb30f86b1bf114616426945d9d6d3763d47c3639d38adf691df463fc202b0d58f29703f2a7b322647cd95d24e002b6f7d1ed094047dd7f0
Type fulltextMimetype application/pdf

By organisation
Department of Computer Science and Engineering
Engineering and Technology

Search outside of DiVA

GoogleGoogle Scholar
Total: 16 downloads
The number of downloads is the sum of all downloads of full texts. It may include eg previous versions that are now no longer available

Total: 190 hits
CiteExportLink to record
Permanent link

Direct link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf