CISM Certified Information Security Manager – Question0768

A new system has been developed that does not comply with password-aging rules. This noncompliance can BEST be identified through:

A.
a business impact analysis
B. an internal audit assessment
C. an incident management process
D. a progressive series of warnings

Correct Answer: B