There are, or should be, four basic phases in the ongoing cycle of maintaining a well-patched and up-to-date network:
Evaluate and plan
Each of these phases is essential to the successful management of patches on your network. Depending on the size and complexity of your network, you might combine phases and even bypass them on occasion. However, it’s good to have an understanding of the phases and to think through the steps involved in each one, even if you’re combining them.
The assess phase of patch management is all about understanding what your environment is, where and how it is vulnerable and can be attacked, and what resources and procedures are in place to ameliorate those vulnerabilities.