Policy-based compliance management and remediation of devices in an enterprise system
US-2016088021-A1 · Mar 24, 2016 · US
US10084809B1 · US · B1
| Field | Value |
|---|---|
| Publication number | US-10084809-B1 |
| Application number | US-201615148766-A |
| Country | US |
| Kind code | B1 |
| Filing date | May 6, 2016 |
| Priority date | May 6, 2016 |
| Publication date | Sep 25, 2018 |
| Grant date | Sep 25, 2018 |
Official abstract text for this publication.
A system for managing security within an enterprise includes a computing device that receives a vulnerability, generates a user score for each user within the enterprise and generates a threat score for the vulnerability. A user device score may also be generated for each device associated with a user. Based on the user score and the threat score, a composite score is generated. After acquiring a security measure, the security measure is implemented based on the composite score and, at times, the user score.
Opening claim text (preview).
The invention claimed is:

1. An electronic computing device comprising: a processing unit; and system memory, the system memory including instructions that, when executed by the processing unit, cause the electronic computing device to: receive a vulnerability; generate a user score for each of a plurality of users within an enterprise, wherein the user score is generated based on a set of characteristics including: behavioral data, user device data, and user status data; generate a threat score for the vulnerability: based on the user score and the threat score, generate a composite score for each of the plurality of users within the enterprise; generate a user rank using the user score generated for each of the plurality of users within the enterprise; acquire the security patch that addresses the vulnerability; and based on the composite score, implement a security measure across the enterprise in a sequential order according to the user rank; wherein implementing the security measure includes publishing the security patch to the plurality of users according to the user rank.

2. The electronic computing device of claim 1, wherein the security measure is a security patch.

3. The electronic computing device of claim 1, wherein publishing the security patch includes sending a reminder to update after a predetermined period of time.

4. The electronic computing device of claim 3, wherein the behavioral data include behavioral patterns and access patterns; wherein the user device data includes at least one of: a type of a user device associated with a user and a type of processes used by the user device associated with the user; and wherein the user status data includes at least one of: a corporate rank of the user and a system access level for the user.

5. The electronic computing device of claim 4, wherein the behavioral patterns include at least one of the following: a browsing history of the user, a volume of junkmail, a previous computing device infection, a volume of phishing email; and wherein the access patterns include at least one of the following: a quantity of unique devices used by the user to access enterprise-related data, and an access pattern of the user including time of day.

6. The electronic computing device of claim 1, wherein the threat score is generated based on a third party vulnerability score and an internal vulnerability score.

7. The electronic computing device of claim 6, wherein the third party vulnerability score is publicly available; and wherein the internal vulnerability score is generated based on a system or a device type affected by the vulnerability.

8. The electronic computing device of claim 7, wherein the internal vulnerability score is additionally generated based on at least one of the following: a device level importance, a regulation status, and a data sensitivity level.

9. The electronic computing device of claim 1, wherein if a user does not perform an update with the security patch within a first predetermined time period, the system memory further includes instructions that, when executed by the processing unit, cause the electronic computing device to: activate a security module on a user device to lock out a device capability affected by the vulnerability on the user device.

10. The electronic computing device of claim 9, wherein if the user does not perform the update with the security patch within a second predetermined time period, the system memory further includes instructions that, when executed by the processing unit, cause the electronic computing device to: deactivate a user's access to data within the enterprise.

11. A computer-implemented method, comprising: receiving a vulnerability; generating a user score for each of a plurality of users within an enterprise; generating a threat score for the vulnerability, wherein the threat score is generated based on a third party vulnerability score and an internal vulnerability score; based on the user score and the threat score, generating a composite score; generating a user rank using the user score generated for each of the plurality of users, the user rank being generated for each of the plurality of users within the enterprise; receiving a security measure; and based on the composite score and the user rank, implementing the security measure across the enterprise in a sequential order according to the user rank, wherein implementing the security measure includes publishing a security patch to the plurality of users according to the user rank.

12. The method of claim 11, wherein the security measure is a patch or an update.

13. The method of claim 12, wherein the user score is generated based on a set of characteristics including: behavioral data, user device data, and user status data.

14. The method of claim 13, wherein the behavioral data include behavioral patterns and access patterns; wherein the user device data includes at least one of: a type of a user device associated with a user and a type of processes used by the user device associated with the user; wherein the user status data includes at least one of: a corporate rank of the user and a system access level for the user; wherein the behavioral patterns include at least one of the following: a browsing history of the user, a volume of junkmail, a previous computing device infection, a volume of phishing email; and wherein the access patterns include at least one of the following: a quantity of unique devices used by the user to access enterprise-related data, and an access pattern of the user including time of day.

15. The method of claim 14, wherein the third party vulnerability score is publicly available; and wherein the internal vulnerability score is generated based on an enterprise device report, the enterprise device report including a system or a device affected by the vulnerability.

16. The method of claim 15, wherein the internal vulnerability score is additionally generated based on at least one of the following: a device level importance, a regulation status, an internally- versus externally-facing status, and a data sensitivity level; wherein if the user does not install the patch or the update within a first predetermined time period, activating a security module on the user device to lock out the vulnerability on the user device; and wherein if the user does not install the patch or the update within a second predetermined time period, deactivating a user access to data within the enterprise.

17. A system for managing security within an enterprise, comprising: a computer-readable, non-transitory data storage memory comprising instructions that, when executed by a processing unit of an electronic computing device, cause the processing unit to: receive a vulnerability; generate a user device score for each of a plurality of user devices within the enterprise based on user device data, wherein the user device data includes at least one of: a type of a user device and a type of data processes used by the user device; generate a threat score for the vulnerability, wherein the threat score is generated based on a third party vulnerability score and an internal vulnerability score; based on the user device score and the threat score, generate a composite score; generate a user score for each of a plurality of users within the enterprise, wherein the user score is generated based on a set of characteristics including: behavioral data and user status data; wherein the behavioral data include behavioral patterns and access patte
Assessing vulnerabilities and evaluating computer system security · CPC title
Vulnerability analysis · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title
Updates (security arrangements therefor G06F21/57) · CPC title
Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems · CPC title