CISM Certified Information Security Manager – Question0530

In the event that a password policy cannot be implemented for a legacy application, which of the following is the BEST course of action?

A.
Update the application security policy.
B. Implement compensating control.
C. Submit a waiver for the legacy application.
D. Perform an application security assessment.

Correct Answer: B