During a penetration test, you determined several vulnerabilities within the client's network. If you were prioritizing the risks for remediation in the written report, which of the following would BEST guide your risk prioritization strategy?
Rank vulnerabilities by the ease and speed of implementing their fixes.
Prioritize vulnerabilities based on the combination of their likelihood of exploitation and potential business impact.
Order vulnerabilities solely by their severity ranking from a vulnerability scanning tool.
Organize the priorities based on the frequency of exploits for the vulnerabilities observed in recent threat intelligence reports.