To ensure compliance with a security policy requiring that passwords be a combination of letters
and numbers, an IS auditor should recommend that:
A. the company policy be changed.
B. passwords are periodically changed.
C. an automated password management tool be used.
D. security awareness training is delivered.
Explanation:
The use of an automated password management tool is a preventive control measure. The software
would prevent repetition (semantic) and would enforce syntactic rules, thus making the passwords
robust. It would also provide a method for ensuring frequent changes and would prevent the same
user from reusing their old password for a designated period of time. Choices A, B and D do not
enforce compliance.