Watch this video on YouTube
How should the information security manager determine the necessity for remedial action when the company's mail server allows anonymous FTP access?