To ensure compliance with a security policy requiring that passwords be a combination of letters and numbers, an IS auditor should recommend that:
A、the company policy be changed.
B、passwords are periodically changed.
C、an automated password management tool be used.
D、security awareness training is delivered.