Abstract
Developing computer software that is free from material defects is the ultimate goal for software developers; however, due to the cost and complexity of software development, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decision-making factors. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important.
Original language | English |
---|---|
Pages (from-to) | 44-51 |
Number of pages | 8 |
Journal | Risk Governance and Control: Financial Markets and Institutions |
Volume | 6 |
Issue number | 2 |
Publication status | Published - 1 Mar 2016 |
Keywords
- Availability
- Confidentiality
- Downtime
- Information security
- Integrity
- Risk assessment
- Risk mitigation
- Software flaws
- Software patch management
- Software patches
ASJC Scopus subject areas
- Finance
- Economics and Econometrics
- Strategy and Management