Which objective is MOST appropriate to measure the effectiveness of password policy?

Which objective is MOST appropriate to measure the effectiveness of password policy?
A . The number of related incidents decreases.
B . Attempts to log with weak credentials increases.
C . The number of related incidents increases.
D . Newly created account credentials satisfy requirements.

View Answer

Answer: D

Explanation:

The objective that is most appropriate to measure the effectiveness of password policy is newly created account credentials satisfy requirements. This is because password policy is a set of rules and guidelines that define the characteristics and usage of passwords in a system or network. Password policy aims to enhance the security and confidentiality of the system or network by preventing unauthorized access, data breaches, and identity theft. Therefore, the best way to evaluate the effectiveness of password policy is to check whether the newly created account credentials meet the requirements of the policy, such as length, complexity, expiration, and history. This objective can be measured by conducting periodic audits, reviews, or tests of the account creation process and verifying that the passwords comply with the policy standards. This is part of the Cloud Control Matrix (CCM) domain IAM-02: User ID Credentials, which states that "The organization should have a policy and procedures to manage user ID credentials for cloud services and data."1

Reference: CCAK Study Guide, Chapter 4: A Threat Analysis Methodology for Cloud Using CCM, page 76