A cybersecurity analyst is preparing a vulnerability management report for executive leadership. A key requirement for the report is a 'Top 10' list to guide remediation priorities. To create the most effective and actionable list, which data points should the analyst primarily focus on?
A list of the top 10 hosts with the highest number of total vulnerabilities
Vulnerabilities with the highest risk scores, which consider asset criticality and active threats
The 10 most recently disclosed zero-day vulnerabilities reported in industry news
The 10 vulnerabilities that have existed in the environment for the longest period of time
In modern vulnerability management, creating a 'Top 10' list for prioritization requires a risk-based approach. The most effective method combines the technical severity of a vulnerability (often represented by a CVSS score) with business context, such as the criticality of the affected asset, and current threat intelligence indicating whether the vulnerability is being actively exploited. Focusing only on vulnerability age, the number of vulnerabilities per host, or general industry news about zero-days is less effective than prioritizing confirmed vulnerabilities based on their actual risk to the organization.