CRISC Certified in Risk and Information Systems Control – Question608

A business unit has decided to accept the risk of implementing an off-the-shelf, commercial software package that uses weak password controls. The BEST course of action would be to:

A.
obtain management approval for policy exception
B. continue the implementation with no changes
C. develop an improved password software routine
D. select another application with strong password controls

Correct Answer: C