An organization implements a data loss prevention tool as a control to mitigate the risk of sensitive data leaving the organization via electronic mail. Which of the following would provide the BEST indication of adequate control design?
A. Management has formally approved the control design.
B. Management presents evidence that data loss incidents have decreased.
C. Security administrators can demonstrate the functions of the tool.
D. Rules enforced by the tool were based on the classification of the data.
A. Management has formally approved the control design.
B. Management presents evidence that data loss incidents have decreased.
C. Security administrators can demonstrate the functions of the tool.
D. Rules enforced by the tool were based on the classification of the data.