Most cyber attacks exploit known vulnerabilities that could have been mitigated by the regular application of security patches or software updates.  What are the best practices for identifying vulnerabilities, prioritizing and managing them as effectively as possible?