Vulnerability management is a critical and sometimes neglected aspect of information security. It consists of two main parts: awareness and action. First, the security practitioner must be aware of the vulnerabilities that exist in an organisation's systems and understand how dangerous each one is. Second, that information must feed into an ongoing process of addressing vulnerabilities by updating the vulnerable systems or otherwise mitigating their severity.
