While preparing of an audit of information security controls in the environment an analyst outlines a framework control that has the following requirements:
• All sensitive data must be classified
• All sensitive data must be purged on a quarterly basis
• Certificates of disposal must remain on file for at least three years This framework control is MOST likely classified as:
A . prescriptive
B . risk-based
C . preventive
D . corrective
Answer: A