A medium-sized organization is undergoing an audit for its information security practices. As a security analyst, the auditor seeks to assess the organization's use of an Acceptable Use Policy (AUP). What crucial aspect of the AUP should the auditor focus on to ensure the organization meets the standards set for information security? A.The AUP includes clear consequences for noncompliance. B.The AUP includes guidance for personal use of organizational resources. C.The AUP includes the number of allowed password attempts before locking an account. D.The AUP includes a list of approved software for each department