fullrecord |
[{"key": "dc.contributor.advisor", "value": "Lehto, Martti", "language": "", "element": "contributor", "qualifier": "advisor", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Tuovinen, Jussi", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.contributor.author", "value": "Frilander, Kimmo", "language": "", "element": "contributor", "qualifier": "author", "schema": "dc"}, {"key": "dc.date.accessioned", "value": "2019-08-14T06:28:54Z", "language": null, "element": "date", "qualifier": "accessioned", "schema": "dc"}, {"key": "dc.date.available", "value": "2019-08-14T06:28:54Z", "language": null, "element": "date", "qualifier": "available", "schema": "dc"}, {"key": "dc.date.issued", "value": "2019", "language": "", "element": "date", "qualifier": "issued", "schema": "dc"}, {"key": "dc.identifier.uri", "value": "https://jyx.jyu.fi/handle/123456789/65230", "language": null, "element": "identifier", "qualifier": "uri", "schema": "dc"}, {"key": "dc.description.abstract", "value": "Red teaming toiminnan tavoitteena on luoda parempia suunnitelmia, tuotteita tai k\u00e4yt\u00e4nteit\u00e4 mill\u00e4 tahansa toimialalla haastamalla ja kyseenalaistamalla nykyisi\u00e4 malleja. Toiminnan ytimess\u00e4 on etenkin tulevaisuuden riskien hallinta ja huonojen uutisten kommunikointi. Nykyinen red teaming tutkimus on painottunut pitk\u00e4lti teknisiin penetraatiotestauksen k\u00e4yt\u00e4nteisiin ja uhkatoiminnan mallintamiseen. Ongelmien korjaaminen on j\u00e4\u00e4nyt osin paitsioon, vaikka se on edellytys paremman turvallisuuden rakentamiselle. Kyberuhat kehittyv\u00e4t jatkuvasti, joten red teaming tutkimuksen tulee my\u00f6s kehitty\u00e4. Red teaming tulisi toteuttaa kokonaisvaltaisena suunnittelu- ja toimeenpanoprosessina, joka huomioi koko turvallisuuden elinkaaren alkaen tiedustelusta ja suunnittelusta p\u00e4\u00e4ttyen kohdeorganisaation turvallisuuden kehitt\u00e4miseen. Red teamingin tulisi olla ymm\u00e4rrett\u00e4v\u00e4, l\u00e4pin\u00e4kyv\u00e4 ja j\u00e4ljitett\u00e4viss\u00e4 oleva prosessi, jonka organisaatiot voivat omaksua. Tutkimusongelmana oli luoda kokonaisvaltainen ja ketter\u00e4 red teamingin toimintamalli sotilaallisen adaptiivisen suunnittelun ja toimeenpanon mallin pohjalta kyberturvallisuuden viitekehyksess\u00e4. Ongelman ratkaisemiseen k\u00e4ytettiin suunnittelutieteellist\u00e4 metodologiaa tietoj\u00e4rjestelm\u00e4tutkimuksen viitekehyksess\u00e4. Ensin luotiin perusta ja tutkimusymp\u00e4rist\u00f6n kuvaus tietoturvasta sek\u00e4 red teamingist\u00e4. Sitten esiteltiin adaptiivinen suunnittelu- ja toimeenpanomalli, tiedustelu ja maalittaminen sek\u00e4 ketteri\u00e4 menetelmi\u00e4. T\u00e4m\u00e4n j\u00e4lkeen viidelle kyberturvallisuusyritykselle toteutettiin kyselytutkimus red teaming toiminnan haasteista. Tulokset analysoitiin teemoittelemalla ja haasteisiin vastattiin luomalla red teamingin kokonaisvaltainen toimintamalli tutkimuskirjallisuuden sek\u00e4 kyselytutkimuksen menestystekij\u00f6iden perusteella. Mallia testattiin yritysten asiantuntijoille suunnatulla kaksikierroksisella Delphi kyselyll\u00e4. Tutkimuksen tuloksena syntyi kokonaisvaltainen red teamingin toimintalli mihin sis\u00e4llytettiin asiantuntijoiden kehitysesityksi\u00e4 sek\u00e4 sotilaallisten ja ketterien menetelmien parhaita k\u00e4yt\u00e4nteit\u00e4. Tutkimuksen viitekehys oli hyvin laaja ja t\u00e4m\u00e4n vuoksi tulokset eiv\u00e4t ole yksityiskohtaisia. Laaditun toimintamallin suurin merkitys on sen uutuusarvossa ja pohjassa jatkokehitt\u00e4miselle.", "language": "fi", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.abstract", "value": "The goal of red teaming is to create better plans, policies, procedures and products in any domain by challenging the current ones. This calls for assessment and critique of status quo. Red teaming is about mitigating future risks and communicating bad news. Red teaming research has focused in adversary emulation and penetration testing practices somewhat disregarding the remediations which are the key in building better security. Cyber threats are evolving and so should cyber red teaming research. Red teaming efforts should be conducted through a comprehensive planning and execution process which considers the complete information security lifecycle starting from planning of intelligence activities and ending to implementing remediations for security to the target organization. Red teaming should be a process that can be understood and adopted by organization and it should be also transparent and traceable. The research problem was to create a comprehensive agile red teaming framework by combining adaptive planning and execution framework in information security context. Design science research methodology was used to solve this challenge. Solid knowledge base and environment description about red teaming and information security was completed in accordance with information systems research framework. Adaptive planning and execution framework, intelligence, targeting and agile methodologies were introduced to support the creation of the framework. Challenges in red teaming were identified by a survey to five cyber security companies. Challenges were remediated by success factors identified from literature and survey. The framework was created, and it underwent two Delphi iterations with subject matter experts. Main result of the study is the comprehensive agile red teaming framework which incorporates the remediations drawn from subject matter experts, military and agile methods. The scope of this study was wide and therefore results can be considered general. The significance of the created framework lies in its novelty and possibilities to adapt it to any red teams\u2019 purposes due to general outcome. Framework delivers a good basis for future work.", "language": "en", "element": "description", "qualifier": "abstract", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Submitted by Miia Hakanen (mihakane@jyu.fi) on 2019-08-14T06:28:54Z\nNo. of bitstreams: 0", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.description.provenance", "value": "Made available in DSpace on 2019-08-14T06:28:54Z (GMT). No. of bitstreams: 0\n Previous issue date: 2019", "language": "en", "element": "description", "qualifier": "provenance", "schema": "dc"}, {"key": "dc.format.extent", "value": "178", "language": "", "element": "format", "qualifier": "extent", "schema": "dc"}, {"key": "dc.format.mimetype", "value": "application/pdf", "language": null, "element": "format", "qualifier": "mimetype", "schema": "dc"}, {"key": "dc.language.iso", "value": "eng", "language": null, "element": "language", "qualifier": "iso", "schema": "dc"}, {"key": "dc.rights", "value": "In Copyright", "language": "en", "element": "rights", "qualifier": null, "schema": "dc"}, {"key": "dc.subject.other", "value": "Red teaming", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "cyber security", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "information security", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "risk management", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "penetration testing", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "intelligence", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "targeting", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "military decision making", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "mission command", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "agile", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "informaatioturvallisuus", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "penetraatiotestaus", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "tiedustelu", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "suunnitteluprosessi", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "tilannejohtaminen", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.subject.other", "value": "ketteryys", "language": "", "element": "subject", "qualifier": "other", "schema": "dc"}, {"key": "dc.title", "value": "Militarizing red teaming : agile and scalable process for cyber red teaming using adaptive planning and execution framework", "language": "", "element": "title", "qualifier": null, "schema": "dc"}, {"key": "dc.type", "value": "master thesis", "language": null, "element": "type", "qualifier": null, "schema": "dc"}, {"key": "dc.identifier.urn", "value": "URN:NBN:fi:jyu-201908143830", "language": "", "element": "identifier", "qualifier": "urn", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Pro gradu -tutkielma", "language": "fi", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.type.ontasot", "value": "Master\u2019s thesis", "language": "en", "element": "type", "qualifier": "ontasot", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Informaatioteknologian tiedekunta", "language": "fi", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.faculty", "value": "Faculty of Information Technology", "language": "en", "element": "contributor", "qualifier": "faculty", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Informaatioteknologia", "language": "fi", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.department", "value": "Information Technology", "language": "en", "element": "contributor", "qualifier": "department", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "Jyv\u00e4skyl\u00e4n yliopisto", "language": "fi", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.contributor.organization", "value": "University of Jyv\u00e4skyl\u00e4", "language": "en", "element": "contributor", "qualifier": "organization", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Tietojenk\u00e4sittelytiede", "language": "fi", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "dc.subject.discipline", "value": "Computer Science", "language": "en", "element": "subject", "qualifier": "discipline", "schema": "dc"}, {"key": "yvv.contractresearch.funding", "value": "0", "language": "", "element": "contractresearch", "qualifier": "funding", "schema": "yvv"}, {"key": "dc.type.coar", "value": "http://purl.org/coar/resource_type/c_bdcc", "language": null, "element": "type", "qualifier": "coar", "schema": "dc"}, {"key": "dc.rights.accesslevel", "value": "openAccess", "language": null, "element": "rights", "qualifier": "accesslevel", "schema": "dc"}, {"key": "dc.type.publication", "value": "masterThesis", "language": null, "element": "type", "qualifier": "publication", "schema": "dc"}, {"key": "dc.subject.oppiainekoodi", "value": "601", "language": "", "element": "subject", "qualifier": "oppiainekoodi", "schema": "dc"}, {"key": "dc.subject.yso", "value": "ketter\u00e4t menetelm\u00e4t", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "tiedustelu", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "riskienhallinta", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "kyberturvallisuus", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "agile methods", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "intelligence and reconnaissance", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "risk management", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.subject.yso", "value": "cyber security", "language": null, "element": "subject", "qualifier": "yso", "schema": "dc"}, {"key": "dc.format.content", "value": "fulltext", "language": null, "element": "format", "qualifier": "content", "schema": "dc"}, {"key": "dc.rights.url", "value": "https://rightsstatements.org/page/InC/1.0/", "language": null, "element": "rights", "qualifier": "url", "schema": "dc"}, {"key": "dc.type.okm", "value": "G2", "language": null, "element": "type", "qualifier": "okm", "schema": "dc"}]
|