Programvarustöd för hot-, risk- och sårbarhetsanalys

Pettersson, Joakim

January 2008

<p>This report describes a final thesis done during the spring of 2008 as part of the bachelor degree in computer engineering degree at the School of Engineering in Jönköping.</p><p>The client is working in the consulting business and is involved in, amongst others, work regarding information security. Within this field they perform so called Threat, Risk and Vulnerability assessments. Today these assessments are done by a predefined method, but many details are controlled by the person documenting the project. A wish was made that the implementation was standardized, it should also ease the task of estimating the need for time and money. The solution for this seems to be a software tool. This software should handle the data from the assessments and generate foundations for reports.</p><p>The question formulation that has been used is:</p><p>• What are the possibilities to, with software, improve the workflow for handling the information from the assessments?</p><p>• What are suitable techniques to handle this?</p><p>To plan the software focus was put on the assessment and the types of input to them. These inputs were identified through descriptions in literature and informal interviews with analytics. The handling of the information remained unspecified as to not steer the design of the application in a direction that was formed after accustomed patterns, instead an objective solution was sought after.</p><p>The resulting software fulfills all requirements that were specified at the beginning of the project, and it shows that the possibilities to improve the workflow are great. It is possible even with very small means to make it easier for the person doing the documentation. The report resulting from the assessments then become more standardized and make it easier to verify its validity.</p>

Informationssäkerhet

Hot

Risk

Sårbarhet

C#

XML

Dot Net

Rapportgenerering

Computer engineering

Datorteknik

Software engineering

Programvaruteknik

Programvarustöd för hot-, risk- och sårbarhetsanalys

Pettersson, Joakim

January 2008

This report describes a final thesis done during the spring of 2008 as part of the bachelor degree in computer engineering degree at the School of Engineering in Jönköping. The client is working in the consulting business and is involved in, amongst others, work regarding information security. Within this field they perform so called Threat, Risk and Vulnerability assessments. Today these assessments are done by a predefined method, but many details are controlled by the person documenting the project. A wish was made that the implementation was standardized, it should also ease the task of estimating the need for time and money. The solution for this seems to be a software tool. This software should handle the data from the assessments and generate foundations for reports. The question formulation that has been used is: • What are the possibilities to, with software, improve the workflow for handling the information from the assessments? • What are suitable techniques to handle this? To plan the software focus was put on the assessment and the types of input to them. These inputs were identified through descriptions in literature and informal interviews with analytics. The handling of the information remained unspecified as to not steer the design of the application in a direction that was formed after accustomed patterns, instead an objective solution was sought after. The resulting software fulfills all requirements that were specified at the beginning of the project, and it shows that the possibilities to improve the workflow are great. It is possible even with very small means to make it easier for the person doing the documentation. The report resulting from the assessments then become more standardized and make it easier to verify its validity.

Informationssäkerhet

Hot

Risk

Sårbarhet

C#

XML

Dot Net

Rapportgenerering

Computer Engineering

Datorteknik

Software Engineering

Programvaruteknik