The Common Vulnerability Scoring System (CVSS) is a standardized framework for assessing the severity of vulnerabilities. It provides a numerical score (0-10) based on factors such as exploitability, impact, and complexity, helping security analysts prioritize remediation efforts based on risk.
Business impact analysis (A) helps identify critical business functions but does not specifically prioritize vulnerabilities.
Risk register (C) tracks identified risks but does not classify vulnerabilities.
Exposure factor (D) is used in quantitative risk assessment but is not an industry standard for vulnerability prioritization.
Reference:
CompTIA Security+ SY0-701 Official Study Guide, Risk Management domain.