1. Insecure ID Management and Access Control
2. Poor or Non-Existent Business Continuity and Disaster Recovery Practices
3. Slow or Delayed Incident Notification
4. System Misconfigurations
5. Inadequate Vulnerability Management Practices
6. Third Party Component Risk