How do you rationalize assigning a risk impact/factor to an identified risk, threat, or vulnerability?

How do you rationalize assigning a risk impact/factor to an identified risk, threat, or vulnerability? (2 pts)
How do you prioritize similar risk impact/factor values of identified risks? How do you determine which “1” to prioritize? Why would you prioritize a “2” over a “1”? (4 pts)
Identify a risk-mitigation solution for each of the following risk factors. Provide a URL to support your solution
A user clicks on a phishing email (3 pts)
A computer is running an out-of-date OS (3 pts)
A publicly accessible wireless hotspot. (3 pts)
Inefficient firewall rules impact network performance (3 pts)
DDoS attack from outside the U.S. (3 pts)
Remote access from geographically distributed employees (3 pts)
Someone spilling a beverage on a server

Thanks for installing the Bottom of every post plugin by Corey Salzano. Contact me if you need custom WordPress plugins or website design.