IT security organizations need to become more effective at running cooperative processes across IT security and operations. IT security groups should influence security configuration management tool purchasing decisions. IT operations groups must prioritize security-related changes and also provide a business justification so that security changes can be weighed against other requests. Security groups that want to automate audit, analysis and remediation of configuration-oriented vulnerabilities need to cost-justify and purchase specialized security configuration tools. The majority of desktop and server vulnerabilities are caused by missing patches and configuration errors.”]
Source: https://www.csoonline.com/article/2118485/it-security-and-operational-management-must-converge.html