A Chief Financial Officer (CFO) has asked the Chief Information Security Officer (CISO) to provide responses to a recent audit report detailing deficiencies in the organization's security controls. The CFO would like to know ways in which the organization can improve its authorization controls.
Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Select Three)
A. Password complexity policies
B. Hardware tokens
C. Biometric systems
D. Role-based permissions
E. One-time passwords
F. Separation of duties
G. Multifactor authentication
H. Single sign-on
I. Least privilege
Could it be A, B, C?
It specifically asked for authorization controls. A. Password complexity is something you know. B. Hardware token could be something you have. C. Biometric systems is something you are. E. One-time passwords is like something you have. G. Multifactor authentication and H. Single sign-on are authentications. Role-based permissions, separation of duties, and least privilege are “authorization controls” put in by the administrator or whoever is responsible for security of the organization's systems. D, F, I are correct.