RISK ASSESSMENT AND MITIGATION AT THE INFORMATION TECHNOLOGY COMPANIES

Ben Marx, Deon Oosthuizen

https://doi.org/10.22495/rcgv6i2art6

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.

Abstract

Developing computer software that is free from material defects is the ultimate goal for software developers; however, due to the cost and complexity of software development, it is a goal that is unlikely to be achieved. As a consequence of the inevitable defects that manifest within computer software, the task of software patch management becomes a key focus area for software companies, IT departments, and even end users. Audit departments, as part of their responsibilities, are required to provide assurance on the patching process and therefore need to understand the various decision-making factors. Software flaws that exist within computer systems may put confidential information at risk and may also compromise the availability of such systems. The study investigated the recommended approaches for the task of software patching, with a view to balancing the sometimes conflicting requirements of security and system availability. The study found that there are a number of key aspects that are required to ensure a successful patching process and that the internal auditors of the ‘big four’ South African banks considered most of these factors to be important.

Keywords: Software Patches, Software Patch Management, Software Flaws, Risk Assessment, Risk Mitigation, Confidentiality, Integrity, Availability, Downtime, Information Security

How to cite this paper: Marx, B., & Oosthuizen, D. (2016). Risk assessment and mitigation at the information technology companies. Risk governance & control: financial markets & institutions, 6(2), 44-51. https://doi.org/10.22495/rcgv6i2art6