A business unit recently integrated the organization’s new strong password policy into its business application, which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager’s BEST course of action to address this situation?
Who should decide whether a specific control should be changed once risk is approved for mitigation?
Which of the following would BEST fulfill a board of directors' request for a concise overview of information security risk facing the business?
Of the following, who should own the risk associated with unauthorized access to application data?
Communicating which of the following would be MOST helpful to gain senior management support for risk treatment options?
What is the MOST important consideration when establishing metrics for reporting to the information security strategy committee?