An emerging zero-day vulnerability has been detected in your organization's primary web server software. In drafting the vulnerability management report, which of the following metrics would be MOST crucial to include for the executive team to assess the immediate risk?
List of services affected by the vulnerability
Risk score derived from the combination of impact and exploitability
Proposed timelines for developing and deploying patches
The inclusion of a risk score is essential as it takes into account both the likelihood of the vulnerability being exploited and the potential impact of such an exploitation. While remediation timelines and affected services are important pieces of information, they do not, by themselves, convey the urgency or criticality of the situation to the executive team who may need to make fast, high-level decisions. The detailed evidence of exploitation might be more technical than necessary for an initial executive communication and does not demonstrate the overall risk the vulnerability poses to the organization.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are the components that contribute to the risk score?
Open an interactive chat with Bash
Why is it important for executives to understand the risk score rather than just remediation timelines?
Open an interactive chat with Bash
What is the role of active exploitation evidence in the context of vulnerability reporting?