A security analyst is responsible for the vulnerability management process in an organization that must meet strict regulatory compliance requirements. After the latest vulnerability scan, several issues have been identified, but due to resource constraints, not all of them can be addressed immediately. Which of the following should be the FIRST step in prioritizing which vulnerabilities to mitigate?
List the vulnerabilities in descending order of asset criticality.
Rank the vulnerabilities based on the potential scope of impact alone.
Apply risk management principles to determine the level of threat each vulnerability poses to the organization.
Prioritize based on which vulnerabilities require a patch available from the software vendor.