METHOD AND DEVICE FOR SOFTWARE RISK MANAGEMENT WITHIN INFORMATION TECHNOLOGY (IT) INFRASTRUCTURE

摘要

This disclosure relates to a method and device for software risk management within an IT infrastructure. The method includes computing security risk factors for a plurality of software components based on available executables for the plurality of software components. A set of software components are identified from the plurality of components, such that, a security risk factor for each of the set of software components is greater than a predefined threshold. Thereafter, a compensating control is activated for at least one of the set of software components, when a compensating control mechanism is available for each of the at least one software component and the compensating control mechanism satisfies control criteria. The method includes dynamically deploying at least one continuous monitoring tool satisfying monitoring criteria, to monitor each of at least one remaining software component, for which compensating control mechanism is not available, for a predefined duration.