Security maintenance of information technology (IT) infrastructure has gained tremendous popularity in recent years according to the diversity of the types of organizations involved from a small company to the government. However, the requirements of flexibility, scalability, and inexpensive initial investment in the usage of IT infrastructure are eclipsed by security concerns that stymie adoption. The information technology infrastructure, in particular, is highly adaptable but complicated, and it has been vulnerable to a variety of security threats, ranging from simple issues such as incorrect configuration to an IT security incident. Then, most of the existing IT security maintenance frameworks had lack of implementation because of complexity, no standard of action, and just for gathering information only. Moreover, a limited scholarly investigation has been undertaken to present a need for properly defined steps of the process approach in which a structured way of managing the IT security maintenance framework within any organization is provided. As a result, the primary goal of this study is to create a framework for IT infrastructure security maintenance. To attain the objectives, the study used a mixed-method technique in an explanatory sequential research. Firstly, an extensive literature review had been done. Then, the quantitative method begins with a descriptive study in order to determine components of the IT security maintenance framework. A total of 271 respondents were involved through a simple random sampling method to participate in the quantitative data collection. Likert structured type of closed questionnaire was distributed and the finding had been analyzed by using statistical analysis methods like Keiser-Meyer-and Bartlett’s Test. The suggested framework is validated using a qualitative method to ensure that it conforms to the current state of IT security infrastructure and is relevant to the targeted organization. Six experts in the disciplines of IT security and infrastructure participated in an in-depth semi-structured interview. Then, doing content and statistical analysis on the results of the findings. The results from this research managed to develop an IT security maintenance framework for IT infrastructure. (1) IT asset identification, (2) IT security breach identification, (3) IT security offensive protection, (4) IT security defensive protection, and (5) IT security objective protection are all part of the suggested framework. The proposed framework contributes to the field of IT security maintenance in the organization. The proposed framework provides awareness on knowing beforehand what to do and to what extent they are already conquering in the action of practical holistic information security management. Lastly, the proposed framework provides quality information for getting direction in the implementation of security maintenance for IT infrastructure.

To maintain secure web services and IT infrastructure, this has proposed the prototype of a vulnerability reporting system. Among these reporting systems developed to deal with problems of maintenance and analysis report management system which not yet been implemented in the cyber security scanning tool, Nessus. The system, which was designed to manage and analyze cyber security maintenance by focusing on vulnerability reports, was based on web-based technology. To ensure that the prototyping system could be used quickly, the development process employed the prototyping-rapid application development technique. The administrator of this system may easily manage and keep track of the report following the activity of scanning the cyber security maintenance for vulnerabilities.