The role of security patch management in vulnerability management
Koskenkorva, Helena (2021)
All rights reserved. This publication is copyrighted. You may download, display and print it for Your own personal use. Commercial use is prohibited.
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-2021120924851
Abstract
The thesis was commissioned by a global IT and business consulting services firm, referred to as the commissioner in the report. The objective was to understand the role of security patch management in the vulnerability management domain and to determine possible development suggestions in the present state.
The main goal of the theory part was to discuss the concepts of risk management, vulnerability management, and security patch management to provide a deeper theoretical understanding of these concepts and create a picture of how these three concepts intertwine.
The research objective was to gain in-depth and detailed information on the studied case and to solve an identified problem without progressing to concrete solution implementation. Thus, a case study was used as the research method. Research data was gathered through semi-structured interviews (n=8), direct observation, and document reviews (n=4).
The study showed that security patch management has a significant role in vulnerability management, as it acts as a remediation plan within vulnerability management. Furthermore, a risk-based approach to vulnerability management is strongly present. Thus, the focus should also shift towards a risk-based security patch management strategy. Therefore, the need for effective and efficient risk management becomes evident, as it is the initialising and unifying force in intertwining vulnerability management and security patch management.