Organizations should regularly assess the security and vulnerability of their information systems. For example, they should test existing "hacker scripts" and password "crackers" against their systems monthly.