Question 37:
A security administrator is developing controls for creating audit trails and tracking if a PHI data breach is to occur. The administrator has been given the following requirements:
✑ All access must be correlated to a user account.
✑ All user accounts must be assigned to a single individual.
✑ User access to the PHI data must be recorded.
✑ Anomalies in PHI data access must be reported.
✑ Logs and records cannot be deleted or modified.
Which of the following should the administrator implement to meet the above requirements? (Choose three.)
Answer options:
A. Eliminate shared accounts.
B. Create a standard naming convention for accounts.
C. Implement usage auditing and review.
D. Enable account lockout thresholds.
E. Copy logs in real time to a secured WORM drive.
F. Implement time-of-day restrictions.
G. Perform regular permission audits and reviews.