During a penetration test, you determined several vulnerabilities within the client's network. If you were prioritizing the risks for remediation in the written report, which of the following would BEST guide your risk prioritization strategy?
Order vulnerabilities solely by their severity ranking from a vulnerability scanning tool.
Organize the priorities based on the frequency of exploits for the vulnerabilities observed in recent threat intelligence reports.
Prioritize vulnerabilities based on the combination of their likelihood of exploitation and potential business impact.
Rank vulnerabilities by the ease and speed of implementing their fixes.