A Chief Financial Officer (CFO) has asked the Chief Information Security Officer (CISO) to provide responses to a recent audit report detailing deficiencies in the organization's security controls.
The CFO would like to know ways in which the organization can improve its authorization controls.
Given the request by the CFO, which of the following controls should the CISO focus on in the report? (Choose three)
A. B. C. D. E. F. G.DFI.
Based on the request by the CFO to improve authorization controls, the CISO should focus on the following controls from the given list:
Role-based permissions: This control focuses on granting users access to system resources based on their job responsibilities or roles within the organization. By assigning permissions based on roles, users are restricted from accessing sensitive data or performing tasks outside of their authorized responsibilities. This helps to reduce the risk of data breaches caused by unauthorized access to data and resources.
Least privilege: The principle of least privilege dictates that users should only be granted access to the resources they need to perform their job functions. By limiting user access to resources, the risk of unauthorized access, misuse, or accidental changes to critical systems is significantly reduced.
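The two controls above are easiest to see side by side in code. The following is an added example, not part of the original question or answer: a deny-by-default role-based authorization check, plus a least-privilege review that compares each user's granted permissions with what they actually used. The roles (ap_clerk, ap_manager, auditor), the permission strings and the usage log are constructed sample data.

```python
"""Role-based permissions with deny-by-default, plus a least-privilege review.

Added example for the answer explanation above; the roles, users and usage
log are constructed sample data, not from any real system.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Iterable

# Each role maps to the permissions it grants, written as "<resource>:<action>".
# Anything not listed here is never granted to anyone (deny by default).
ROLE_PERMISSIONS: dict[str, frozenset[str]] = {
    "ap_clerk": frozenset({"invoice:read", "invoice:create"}),
    "ap_manager": frozenset({"invoice:read", "invoice:approve"}),
    "auditor": frozenset({"invoice:read", "ledger:read"}),
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset[str] = frozenset()


def permissions_for(user: User) -> frozenset[str]:
    """Union of the permissions granted by the user's roles.

    A role that is not defined in ROLE_PERMISSIONS grants nothing, so a typo
    or a stale role assignment fails closed rather than open.
    """
    granted: set[str] = set()
    for role in user.roles:
        granted |= ROLE_PERMISSIONS.get(role, frozenset())
    return frozenset(granted)


def is_authorized(user: User, resource: str, action: str) -> bool:
    """Authorize only if some assigned role explicitly grants resource:action."""
    return f"{resource}:{action}" in permissions_for(user)


def least_privilege_findings(
    users: Iterable[User], usage_log: Iterable[tuple[str, str, str]]
) -> dict[str, frozenset[str]]:
    """Report, per user, the permissions that were granted but never exercised.

    usage_log is an iterable of (user_name, resource, action) tuples, e.g. from
    access logs. Unused grants are candidates for removal under least privilege.
    """
    used: dict[str, set[str]] = {}
    for name, resource, action in usage_log:
        used.setdefault(name, set()).add(f"{resource}:{action}")
    return {u.name: permissions_for(u) - used.get(u.name, set()) for u in users}


# Constructed sample users and access log.
USERS = [
    User("alice", frozenset({"ap_clerk"})),
    User("bob", frozenset({"ap_clerk", "ap_manager"})),
    User("carol", frozenset({"auditor"})),
]
USAGE_LOG = [
    ("alice", "invoice", "read"),
    ("alice", "invoice", "create"),
    ("bob", "invoice", "approve"),
    ("bob", "invoice", "read"),
    ("carol", "ledger", "read"),
]

if __name__ == "__main__":
    for user in USERS:
        print(user.name, "may approve invoices:", is_authorized(user, "invoice", "approve"))
    for name, unused in least_privilege_findings(USERS, USAGE_LOG).items():
        print(name, "granted but unused:", sorted(unused))
```

In the sample data, bob holds both clerk and manager roles but never used `invoice:create`, and carol never used `invoice:read`; the review flags exactly those grants for removal, which is the least-privilege tightening the answer describes.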
Multifactor authentication: Multifactor authentication (MFA) is a security mechanism that requires users to provide multiple forms of authentication, such as a password and a fingerprint or smart card, to gain access to a system. This control adds an extra layer of security to the authentication process, making it more difficult for attackers to gain unauthorized access to sensitive information.
While the other controls, such as password complexity policies, hardware tokens, biometric systems, one-time passwords, separation of duties, and single sign-on, are important for security, they are not directly related to improving authorization controls.
In conclusion, to improve authorization controls in the organization, the CISO should focus on implementing role-based permissions, least privilege, and multifactor authentication.