Risk management and Vulnerability management are both essential cybersecurity domains. They are often managed independently without a proper interface to provide context information to each other’s and share information. This paper proposes an approach to connect risk management and vulnerability management processes and provide automation in both ways to help to categorize and sort a large number of vulnerabilities and build operational risk scenarios relevant to the business. A four steps approach presents the process for connecting and adjusting information from Operational Scenario (OpeSce) and Vulnerabilities: STEP 1 Link Operational Scenarios and Vulnerabilities, STEP 2 Re-assessment scoring of the Operational Scenario, STEP 3 Re-assessment scoring of the Vulnerabilities.