As you are reviewing the results of your various scans, what factors do you beli

Question

As you are reviewing the results of your various scans, what factors do you believe you would take into consideration when determining priority? The priority would be used to determine remediation efforts. So, if you are looking at port scans and vulnerability scans, how would you go about figuring out which results you would determine needed to be fixed first and which ones were more critical than others. Do you believe that criticality is the only factor in determining what order you resolve issues in? Original Answers Only Please!

Explanation / Answer

The factors that determine the priority of a vulnerability

Prioritizing vulnerability remediation should be based on the severity and impact of the vulnerability.

So when a vulnerability is found it has to be assessed and find till what extent it can affect. Weather a single user or groups or user or globally to everyone. Accordingly it will be marked as critical and the priority will increase.

As discussed earlier the more the impact of a vulnerability more the severity. The most severe onces need to be fixed first as this is the one that will have most impact if this occurs.

No criticality is not the only factor. The frequency usage of the impacted areas also need to be taken into consideration.

For example a vulnaribity states that is will affect legacy archival servers globally. So we can determine that these servers are not often are used and mostly a back reference if required so its rarely used. This example shows that even though it’s a global issue the frequency of usage is less.

Hence priority can be set lower to other vulnaribilities which affect a small portion but that portion is frequently used by others.

Related Questions

Navigate

• Browse (All)
• Browse A
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.