ABSTRACT
Vulnerability management (VM) is a subject that fits nicely into all of the other management disciplines found in frameworks such as infrastructure library (ITIL), ISO 17799, and ISO 27001. These disciplines are generally created for the purpose of dealing with the persistent industrial stream of some phenomena that is a direct consequence of business activities. Taking the ITIL framework as an example, incident management, a set of processes supported by people and technology, addresses faults in IT infrastructure. Those faults are not part of the normal operation of the infrastructure and underlying services.
