ISACA Exam Questions

Passwords should be:

assigned by the security administrator for first-time logon.

changed every 30 days at the discretion of the user.

reused often to ensure the user does not forget the password.

displayed on the screen so that the user can ensure that it has been entered properly.

Initial password assignment should be done discreetly by the security administrator. Passwords
should be changed often (e.g., every 30 days); however, changing should not be voluntary; it should
be required by the system. Systems should not permit previous passwords to be used again. Old
passwords may have been compromised and would thus permit unauthorized access. Passwords
should not be displayed in any form.