**Approach (brief)** Use a greedy, weighted knapsack-like scheduler: compute each asset's expected risk reduction per scan hour (ERRH) = (likelihood * impact * remediation_value) / scan_time, adjust with SLA deadlines as hard constraints and use priority boost for assets near SLA breach. Schedule highest ERRH while ensuring all SLA-critical assets are scanned before their SLA deadline windows.**Pseudocode**python
# Inputs: assets[] with {id, likelihood, impact, rem_val, scan_time, sla_deadline (timestamp), priority_level}
# capacity_hours: total scan hours available in planning window
# now: current timestamp
# compute score and SLA urgency
for a in assets:
a.errh = (a.likelihood * a.impact * a.rem_val) / a.scan_time
a.time_to_sla = a.sla_deadline - now
# SLA urgency factor: strong when time_to_sla small and priority_level high
a.urgency = max(0, (SLA_WINDOW_THRESHOLD - a.time_to_sla) / SLA_WINDOW_THRESHOLD) * (1 + a.priority_level)
a.score = a.errh * (1 + a.urgency * SLA_WEIGHT)
# hard-include assets that must be scanned before SLA (sort by time_to_sla)
mandatory = [a for a in assets if a.time_to_sla <= SLA_MUST_SCAN_WINDOW and a.priority_level >= HIGH]
mandatory.sort(key=lambda x: x.time_to_sla)
schedule = []
used = 0
for a in mandatory:
if used + a.scan_time <= capacity_hours:
schedule.append(a); used += a.scan_time
# fill remaining capacity by score
candidates = [a for a in assets if a not in schedule]
candidates.sort(key=lambda x: x.score, reverse=True)
for a in candidates:
if used + a.scan_time <= capacity_hours:
schedule.append(a); used += a.scan_time
return schedule
**Heuristic rationale**- ERRH focuses on risk reduction per unit time (maximize ROI of scan hours).- Urgency/SLA weight forces near-deadline high-priority assets ahead without scanning all low-value items.- Greedy is practical for real-time automation and integrates with scanner orchestration.**Complexity**- Sorting dominates: O(n log n). Single-pass selection O(n). Scales to thousands; can be batched or run with incremental updates.**Edge cases & extensions**- Chunk large scans, preemption, dependency handling, probabilistic update of likelihoods from threat intel, incorporate historical hit rates to refine rem_val.