Comprehensive and Detailed Step-by-Step Explanation:
Risk-based vulnerability management prioritizes vulnerabilities based on the potential impact on critical assets.
A. The information available about the vulnerability: While important for assessing risk, it does not directly determine the priority.
B. The sensitivity of the asset and the data it contains: This is the BEST answer because prioritizing vulnerabilities based on the criticality of the affected assets ensures that high-impact threats are addressed first.
C. IT resource availability and constraints: These are logistical considerations but should not outweigh risk impact.
D. Whether patches have been developed and tested: Patches are important for remediation but do not determine prioritization.
[Reference: CISM Job Practice Area 2 (Risk Management) emphasizes considering asset criticality when prioritizing vulnerabilities., , , , , , , ]
Submit