This phase will allow you to take your vulnerabilities and begin to evaluate them. It includes triaging your vulnerabilities, as well as determining the risk they pose based on their intrinsic qualities and how they affect sensitive data or business-critical operations. This phase will take you through the following activities:
- Triage vulnerabilities.
- Evaluate identified vulnerabilities based on intrinsic qualities.
- Determine high-level business criticalities.
- Determine high-level data classifications.
- Assign urgencies to vulnerabilities based on the classifications.