During an audit of your company's security governance documents, the auditor discovers that there are no formalized standards for password creation within the Information Security Policies. Which of the following actions would MOST effectively address this gap?
Update the Acceptable Use Policy (AUP) to recommend users to change passwords regularly without specifying any format or complexity.
Implement a password management tool without creating a formal standard to allow for complexity and uniqueness without the need to document specific requirements.
Conduct regular awareness sessions to emphasize the importance of strong passwords, informing staff that they should voluntarily adhere to best practices.
Revise the Information Security Policies to include specific password creation standards such as minimum length, complexity requirements, and change intervals. This will create a clear, enforceable standard for all users within the organization.