Militarizing red teaming: agile and scalable process for cyber red teaming using adaptive planning and execution framework

The goal of red teaming is to create better plans, products or practices in any domain by challenging and questioning current models. At its core are, in particular, the management of future risks and the communication of bad news. Current red teaming research is...


Bibliographic Details
Main Authors: Tuovinen, Jussi, Frilander, Kimmo
Other Authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Master's thesis
Language: eng
Published: 2019
Subjects:
Online Access: https://jyx.jyu.fi/handle/123456789/65230
Description (translated from the Finnish abstract): The goal of red teaming is to create better plans, products or practices in any domain by challenging and questioning current models. At its core are, in particular, the management of future risks and the communication of bad news. Current red teaming research has focused largely on technical penetration testing practices and on modelling threat activity. Remediation of problems has been partly neglected, even though it is a prerequisite for building better security. Cyber threats evolve continuously, so red teaming research must evolve as well. Red teaming should be carried out as a comprehensive planning and execution process that takes into account the whole security lifecycle, starting from intelligence and planning and ending with the improvement of the target organization's security. Red teaming should be an understandable, transparent and traceable process that organizations can adopt. The research problem was to create a comprehensive and agile red teaming operating model based on the military adaptive planning and execution model, in the context of cyber security. Design science methodology within the information systems research framework was used to solve the problem. First, a foundation and a description of the research environment were established for information security and red teaming. Then the adaptive planning and execution model, intelligence and targeting, and agile methods were introduced. After this, a survey on the challenges of red teaming was conducted with five cyber security companies. The results were analysed thematically, and the challenges were addressed by creating a comprehensive red teaming operating model based on the success factors found in the research literature and the survey. The model was tested with a two-round Delphi survey directed at the companies' experts. The result of the study was a comprehensive red teaming operating model incorporating the experts' development proposals and best practices from military and agile methods. The scope of the study was very broad, and therefore the results are not detailed. The greatest significance of the model lies in its novelty and in the basis it provides for further development.

Description (English abstract): The goal of red teaming is to create better plans, policies, procedures and products in any domain by challenging the current ones. This calls for assessment and critique of the status quo. Red teaming is about mitigating future risks and communicating bad news. Red teaming research has focused on adversary emulation and penetration testing practices, somewhat disregarding the remediations which are the key to building better security. Cyber threats are evolving and so should cyber red teaming research. Red teaming efforts should be conducted through a comprehensive planning and execution process which considers the complete information security lifecycle, starting from the planning of intelligence activities and ending with the implementation of security remediations in the target organization. Red teaming should be a process that can be understood and adopted by organizations, and it should also be transparent and traceable. The research problem was to create a comprehensive agile red teaming framework by combining the adaptive planning and execution framework in an information security context. Design science research methodology was used to solve this challenge. A solid knowledge base and environment description about red teaming and information security was completed in accordance with the information systems research framework. The adaptive planning and execution framework, intelligence, targeting and agile methodologies were introduced to support the creation of the framework. Challenges in red teaming were identified by a survey of five cyber security companies. The challenges were remediated by success factors identified from the literature and the survey. The framework was created, and it underwent two Delphi iterations with subject matter experts. The main result of the study is the comprehensive agile red teaming framework, which incorporates the remediations drawn from subject matter experts, military and agile methods. The scope of this study was wide and therefore the results can be considered general. The significance of the created framework lies in its novelty and in the possibility of adapting it to any red team's purposes due to its general outcome. The framework delivers a good basis for future work.
Topics: Red teaming; cyber security; information security; risk management; penetration testing; intelligence; targeting; military decision making; mission command; agile; informaatioturvallisuus (information security); penetraatiotestaus (penetration testing); tiedustelu (intelligence); suunnitteluprosessi (planning process); tilannejohtaminen (situational leadership); ketteryys (agility); Tietojenkäsittelytiede (Computer Science); 601; ketterät menetelmät (agile methods); riskienhallinta (risk management); kyberturvallisuus (cyber security); agile methods; intelligence and reconnaissance
url https://jyx.jyu.fi/handle/123456789/65230 http://www.urn.fi/URN:NBN:fi:jyu-201908143830