A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide responses to a
recent audit report detailing deficiencies in the organization security controls. The CFO would like to
know ways in which the organization can improve its authorization controls. Given the request by the
CFO, which of the following controls should the CISO focus on in the report? (Select Three)
A.
Password complexity policies
B.
Hardware tokens
C.
Biometric systemsD. Role-based permissions
E.
One time passwords
F.
Separation of duties
G.
Multifactor authentication
H.
Single sign-on
I.
Lease privilege