As you are reviewing the results of your various scans, what factors do you believe you would take into consideration when determining priority? The priority would be used to determine remediation efforts. So, if you are looking at port scans and vulnerability scans, how would you go about figuring out which results you would determine needed to be fixed first and which ones were more critical than others? Do you believe that criticality is the only factor in determining what order you resolve issues in?
Solution
I assume that the virus scans have found some malware or threats in the system which need to be fixed for smoother operation of the system.
Factors for determining priority of fix:
1. Potential business loss value
2. Type of threat - Virus / Worm / etc.
3. Risk of the threat
4. Business criticality of the part which is affected
5. Any inherent order in fixing the issues, e.g. a virus in the operating system should be removed before removing a virus from the pen drive
As mentioned earlier, criticality is not the only factor in determining the order in which issues are fixed; factors like the inherent order of the fixes, the type and risk of the threat, etc. are also important in finalising that order.
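
The ordering logic described in the answer, as an added example that is not part of the original answer: findings are ranked by a score, but a finding is never scheduled ahead of a fix it depends on (factor 5). The field names, the 1-5 scales, the score weighting and the sample findings are assumptions constructed for illustration; threat type is not modelled.

```python
import heapq

# Constructed sample findings. The 1-5 scales and loss figures are assumptions.
FINDINGS = [
    {"id": "usb-drive-malware", "risk": 5, "asset": 2, "loss": 5_000, "after": ["os-malware"]},
    {"id": "os-malware", "risk": 3, "asset": 3, "loss": 20_000, "after": []},
    {"id": "db-server-worm", "risk": 4, "asset": 5, "loss": 200_000, "after": []},
    {"id": "kiosk-adware", "risk": 1, "asset": 1, "loss": 500, "after": []},
]


def score(finding):
    """Hypothetical weighting: risk x asset criticality, potential loss breaks ties."""
    return (finding["risk"] * finding["asset"], finding["loss"])


def remediation_order(findings):
    """Return finding ids, highest score first, never ahead of a prerequisite fix."""
    by_id = {f["id"]: f for f in findings}
    waiting_on = {f["id"]: set(f["after"]) for f in findings}
    missing = set().union(*waiting_on.values()) - set(by_id)
    if missing:
        raise ValueError(f"unknown prerequisite(s): {sorted(missing)}")

    def entry(fid):
        s, loss = score(by_id[fid])
        return (-s, -loss, fid)  # heapq is a min-heap, so negate the score

    ready = [entry(fid) for fid, deps in waiting_on.items() if not deps]
    heapq.heapify(ready)
    order = []
    while ready:
        _, _, done = heapq.heappop(ready)
        order.append(done)
        # Fixing `done` may unblock findings that had to wait for it.
        for fid, deps in waiting_on.items():
            if done in deps:
                deps.remove(done)
                if not deps:
                    heapq.heappush(ready, entry(fid))
    if len(order) != len(findings):
        raise ValueError("circular prerequisites between findings")
    return order


if __name__ == "__main__":
    print("score only:   ", [f["id"] for f in sorted(FINDINGS, key=score, reverse=True)])
    print("with ordering:", remediation_order(FINDINGS))
```

In the sample data the pen drive finding outscores the operating system finding, yet it is scheduled after it because of the prerequisite.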
