An Exploratory Investigation into an Integrated Vulnerability and Patch Management Framework (thesis) - Questionnaire to citations list (working paper)

In the rapidly changing world of cybersecurity, the constant increase of vulnerabilities continues to be a prevalent issue for many organisations. Malicious actors are aware that most organisations cannot timeously patch known vulnerabilities and are ill-prepared to protect against newly created vulnerabilities where a signature or an available patch has not yet been created. Consequently, information security personnel face ongoing challenges to mitigate these risks. In the thesis research, the problem of remediation in a world of increasing vulnerabilities is considered. The current paradigm of vulnerability and patch management is reviewed using a pragmatic approach to all associated variables of these services / practices and, as a result, what is working and what is not working in terms of remediation is understood. In addition to the analysis, a working paper (in particular the questionnaire to citations list) was created through the literature review to document key themes and associated variables / questions, which are linked to the literature / citations. This working paper ultimately allowed for the creation of the thesis survey and the formulation of the research taxonomy to provide a graphical representation of all associated variables to vulnerability and patch management.