A chief Financial Officer (CFO) has asked the Chief Information Officer (CISO) to provide
responses to a recent audit report detailing deficiencies in the organization security controls. The
CFO would like to know ways in which the organization can improve its authorization controls.
Given the request by the CFO, which of the following controls should the CISO focus on in the
report? (Select Three)

A.
Password complexity policies

B.
Hardware tokens

C.
Biometric systems

D.
Role-based permissions

E.
One time passwords

F.
Separation of duties

G.
Multifactor authentication

H.
Single sign-on

I.
Lease privilege