Vulnerability Management Process in Production Environment
Koskinen, Ville (2016)
2016
Tietotekniikan koulutusohjelma
Tieto- ja sähkötekniikan tiedekunta - Faculty of Computing and Electrical Engineering
This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
Hyväksymispäivämäärä
2016-12-07
Julkaisun pysyvä osoite on
https://urn.fi/URN:NBN:fi:tty-201611214728
https://urn.fi/URN:NBN:fi:tty-201611214728
Tiivistelmä
This thesis is about designing and implementing vulnerability management process in production environment. The process is designed to work in an environment which is compatible with ISO27000 standard family and ITIL standard. Therefore also the processes designed and developed in this thesis are designed to be compatible with those standards.
The thesis provides introduction to general information security management by introducing some of the information security management frameworks defined by different organizations. The thesis will also provide a definition of the vulnerability management process and an analysis of the effectiveness of that process and opportunities for future improvements.
The thesis provides one way to implement a vulnerability management process to an environment, where certain restrictions were ruled and where capital expenses cannot be made, hence the process needs to be planned to rely more on the operational work and operational expenses.
Even though this thesis does not cover the certification process of the vulnerability management process, it can be noted that a part of the process, vulnerability scanning process, developed in this thesis, has been under a certification process and has passed the certification as a part of larger certification scope.
The thesis provides introduction to general information security management by introducing some of the information security management frameworks defined by different organizations. The thesis will also provide a definition of the vulnerability management process and an analysis of the effectiveness of that process and opportunities for future improvements.
The thesis provides one way to implement a vulnerability management process to an environment, where certain restrictions were ruled and where capital expenses cannot be made, hence the process needs to be planned to rely more on the operational work and operational expenses.
Even though this thesis does not cover the certification process of the vulnerability management process, it can be noted that a part of the process, vulnerability scanning process, developed in this thesis, has been under a certification process and has passed the certification as a part of larger certification scope.