A survey of your firm’s information technology infrastructure has produced the following security analysis statistics:

High risk vulnerabilities include non-authorized users accessing applications, guessable passwords, user names matching the password, active user accounts with missing passwords, and the existence of unauthorized programs in application systems.
Medium risk vulnerabilities include the ability of users to shut down the system without being logged on, passwords and screen saver settings that were not established for PCs, and outdated versions of software still being stored on hard drives.
Low risk vulnerabilities include the inability of users to change their passwords, user passwords that have not been changed periodically, and passwords that were smaller than the minimum size specified by the company.