Pete, a security analyst, has been informed that the development team has plans to develop an
application which does not meet the company’s password policy. Which of the following should
Pete do NEXT?
A.
Contact the Chief Information Officer and ask them to change the company password policy so
that the application is made compliant.
B.
Tell the application development manager to code the application to adhere to the company’s
password policy.
C.
Ask the application development manager to submit a risk acceptance memo so that the issue
can be documented.
D.
Inform the Chief Information Officer of non-adherence to the security policy so that the
developers can be reprimanded.