A medium-sized organization's information security practices are being audited. The auditor is assessing the organization's use of an Acceptable Use Policy (AUP). What crucial aspect of the AUP should the auditor expect to find? A.The AUP includes clear consequences for noncompliance. B.The AUP includes guidance for change management requests. C.The AUP includes the number of allowed password attempts before locking an account. D.The AUP includes a list of approved software for each department