Acme Corp identified multiple weaknesses in its infrastructure. They want a structured way to weigh each one by potential effect and urgency so they can assign remediation in a sensible order. Which approach best supports that goal?
Use a scoring model that assigns numeric values to effect and likelihood, then address the highest totals first
Follow the sequence of another organization’s remediation plan to ensure external alignment
Remediate newly discovered issues first to keep tasks as current as possible
Rely on monthly reviews of each department’s priorities to select fixes deemed simplest to complete
Assigning numeric scores to issues based on effect and likelihood typically produces a clear overall figure for each weakness. This minimizes guesswork and helps personnel address issues strategically. Approaches that focus on external trends, new items first, or rushing easier fixes may fail to account for high-impact vulnerabilities.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a scoring model in IT risk management?
Open an interactive chat with Bash
Why are effect and likelihood important in a scoring model?
Open an interactive chat with Bash
How does a scoring model differ from other remediation approaches?