Sara, a security manager, has decided to force expiration of all company passwords by the close of business
day. Which of the following BEST supports this reasoning?
A recent security breach in which passwords were cracked.
Implementation of configuration management processes.
Enforcement of password complexity requirements.
Implementation of account lockout procedures.
A password only needs to be changed if it doesn’t meet the compliance requirements of the company’s
password policy, or is evidently insecure. It will also need to be changed if it has been reused, or due to
possible compromise as a result of a system intrusion.