A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide responses to a recent
audit report detailing deficiencies in the organization security controls. The CFO would like to know ways in
which the organization can improve its authorization controls. Given the request by the CFO, which of the
following controls should the CISO focus on in the report? (Choose Three)

A.
Password complexity policies

B.
Hardware tokens

C.
Biometric systems

D.
Role-based permissions

E.
One time passwords

F.
Separation of duties

G.
Multifactor authentication

H.
Single sign-on

I.
Lease privilege