Considerations for classifying risk vectors, findings, and vulnerabilities. This includes how a particular malware family is classified as Compromised Systems risk vectors.