Certified Information Security Manager (CISM) — Question 1036

A business unit recently integrated the organization’s new strong password policy into its business application which requires users to reset passwords every 30 days. The help desk is now flooded with password reset requests. Which of the following is the information security manager’s BEST course of action to address this situation?

Answer options

• A. Conduct a business impact analysis (BIA)
• B. Provide end-user training
• C. Escalate to senior management
• D. Continue to enforce the policy

Correct answer: B

Explanation

The best course of action is to provide end-user training, as this can help users understand the importance of the password policy and how to manage their passwords effectively. Conducting a BIA, escalating to management, or simply continuing to enforce the policy won't directly address the root cause of the increased password reset requests.