Which of the following is a directive control?

A. Establishing an information security operations team
B. Updating data loss prevention software
C. Implementing an information security policy
D. Configuring data encryption software