When a departmental system continues to be out of compliance with an information security policy’s password strength requirements, the BEST action to undertake is to:

When a departmental system continues to be out of compliance with an information security
policy’s password strength requirements, the BEST action to undertake is to:

When a departmental system continues to be out of compliance with an information security
policy’s password strength requirements, the BEST action to undertake is to:

A.
submit the issue to the steering committee.

B.
conduct an impact analysis to quantify the risks.

C.
isolate the system from the rest of the network.

D.
request a risk acceptance from senior management.

Explanation:

An impact analysis is warranted to determine whether a risk acceptance should be granted and to
demonstrate to the department the danger of deviating from the established policy. Isolating the
system would not support the needs of the business. Any waiver should be granted only after
performing an impact analysis.



Leave a Reply 0

Your email address will not be published. Required fields are marked *