During a penetration test, you determined several vulnerabilities within the client's network. If you were prioritizing the risks for remediation in the written report, which of the following would BEST guide your risk prioritization strategy?
Prioritize vulnerabilities based on the combination of their likelihood of exploitation and potential business impact.
Organize the priorities based on the frequency of exploits for the vulnerabilities observed in recent threat intelligence reports.
Order vulnerabilities solely by their severity ranking from a vulnerability scanning tool.
Rank vulnerabilities by the ease and speed of implementing their fixes.