BRIDGING THE GAP IN VULNERABILITY MANAGEMENT : A tool for centralized cyber threat intelligence gathering and analysis

Abstract: A large number of organizations these days are offering some kind of digital services, relyon digital technologies for processing, storing, and sharing of information, are harvesting moderntechnologies to offer remote working arrangements and may face direct cybersecurity risks. Theseare some of the properties of a modern organization. The cybersecurity vulnerability managementprograms of most organizations have been relying on one-dimensional information to prioritizeefforts of remedying security flaws for many years. When combined with the ever-growing attacksurface of modern organizations, the number of vulnerabilities disclosed yearly and the limitedresources available to cybersecurity teams, this renders the goal of securing an organization almostimpossible. This thesis aims at reviewing existing methodologies as observed in academicliterature and in the industry, highlighting their disadvantages, as well as the importance of adynamic, data-driven and informed approach and finally providing a tool that can assist thevulnerability prioritization efforts and increase resource utilization and efficiency. The thesis isinspired by Design Science Research, to design and develop a web-based cybersecurity tool thatcan be utilized towards a data-rich and rigorous approach of Vulnerability Management, by relyingon various cyber threat intelligence metrics.