An insurance company has created a set of policies to handle data breaches. The security team has been given this set of requirements based on these policies: ⋅ Access records from all devices must be saved and archived ⋅ Any data access outside of normal working hours must be immediately reported ⋅ Data access must only occur inside of the country ⋅ Access logs and audit reports must be created from a single database. Which of the following should be implemented by the security team to meet these requirements?
1) Restrict login access by IP address and GPS location
2) Require government-issued identification during the onboarding process
3) Add additional password complexity for accounts that access data
4) Conduct monthly permission auditing
5) Consolidate all logs on a SIEM
6) Archive the encryption keys of all disabled accounts
7) Enable time-of-day restrictions on the authentication server