After the potential risk levels and impacts are being calculated, the responsible team must take appropriate actions to deal with the vulnerability that is most significant.
Determine which information asset will cause potential problems to the public, clients, organization, and application users if it is compromised.
Optimal control recommendation which is in line with the priorities of stakeholders and executive management.
There are insufficient experts to guide less experienced information security analyst to conduct web application vulnerability assessment’s risk assessment.
Unreliability of risk assessment resulting from expert under unfeasible condition.