We all know that Cyber Security is a journey. Each vulnerability discovered can, and should, take the form of a Project to remediate., monitor and manage....
As part of our Services, we at Gailey Solutions "Risk Rank" and prioritize each vulnerability found with a proprietary method to generate a CVSS score, as a function of consequences, if not remediated. We provide a prioritized POA&M. All vulnerabilities are not critical, and can be risk ranked.
Resources are always scarce. It is the business' decision as to the amount of Risk that is acceptable to the business vs the amount of budget to assign to Cyber Security. We help identify the Risks (Vulnerabilities), give suggestions on what remediation efforts will entail from a level of effort and cost perspective. Again, it is a journey. Budget planning and Risk tolerance are major factors for business planning.