Watch this video on YouTube
The information security manager discovers that a departmental system does not comply with the password strength requirements outlined in the information security policy. What should be the initial action taken by the information security manager?