Publicação
SecRush – New Generation Vulnerability Management Framework
| datacite.subject.fos | Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática | pt_PT |
| dc.contributor.advisor | Sá, Alan Oliveira de | |
| dc.contributor.author | Santana, Miguel Tomás Cabrita | |
| dc.date.accessioned | 2023-05-04T18:09:29Z | |
| dc.date.available | 2023-05-04T18:09:29Z | |
| dc.date.issued | 2023 | |
| dc.date.submitted | 2022 | |
| dc.description | Tese de Mestrado, Segurança Informática, 2022, Universidade de Lisboa, Faculdade de Ciências | pt_PT |
| dc.description.abstract | Vulnerabilities have been increasing over the years without signs of decreasing soon. With this ex ponential growth, it is important for organizations to define a vulnerability management plan to proceed with what should be done if they encounter a vulnerability. However, existing plans and metrics do not fit the current reality. Existing plans are not independent of vulnerability detection tools. The classifica tion systems currently used (the most common is CVSS) fail to provide information on the variation of risk that a particular vulnerability entails for the organization. As this is not constant, being exception ally high when there is a form of active exploitation, as well as its location in the network and business needs. SecRush presents itself as a new vulnerability management framework with a new risk-based vulnerability management process. It has a set of procedures inspired by agile methodologies to mitigate vulnerabilities and a new classification system - SecScore – able to provide a prioritization in context with the organization. SecScore varies its ranking through temporal factors (specific risk index depend ing on the organization’s risk appetite and the availability of an exploit) and environmental factors (asset visibility to the external network and importance of the asset to the organization’s mission). This project intends not only to contribute with a set of procedures independent of the security tools used but also to improve the currently existing classification systems for prioritization, which cannot adapt to the different contexts in which they are found. | pt_PT |
| dc.identifier.tid | 203504372 | |
| dc.identifier.uri | http://hdl.handle.net/10451/57360 | |
| dc.language.iso | eng | pt_PT |
| dc.subject | Vulnerabilidade | pt_PT |
| dc.subject | Gestão de Vulnerabilidades | pt_PT |
| dc.subject | Gestão de Vulnerabilidades Baseada em Risco | pt_PT |
| dc.subject | CVSS | pt_PT |
| dc.subject | Teses de mestrado - 2023 | pt_PT |
| dc.title | SecRush – New Generation Vulnerability Management Framework | pt_PT |
| dc.type | master thesis | |
| dspace.entity.type | Publication | |
| rcaap.rights | openAccess | pt_PT |
| rcaap.type | masterThesis | pt_PT |
| thesis.degree.name | Mestrado em Segurança Informática | pt_PT |
Ficheiros
Licença
1 - 1 de 1
Miniatura indisponível
- Nome:
- license.txt
- Tamanho:
- 1.2 KB
- Formato:
- Item-specific license agreed upon to submission
- Descrição: