A vulnerability manager is prioritizing remediation. Which factors should influence risk-based priority? (Choose three.)
Trap 1: Alphabetical order of the CVE identifier
CVE ordering has no risk meaning.
- A
Internet exposure of the affected asset
External reachability increases likelihood of attack.
- B
Alphabetical order of the CVE identifier
Why wrong: CVE ordering has no risk meaning.
- C
Known exploitation in the wild
Active exploitation increases urgency.
- D
Business criticality of the affected service
Impact depends on the service supported by the asset.