Question: A multinational corporation is migrating its most critical applications to a hybrid cloud environment. The CIO is concerned about the following risks: - Data exfiltration by malicious insiders at the cloud provider - Inconsistent enforcement of data classification policies across jurisdictions - Difficulty proving compliance during external audits The company already uses encryption, strict IAM controls, and third-party risk assessments. Which of the following security approaches would BEST address the CIO’s concerns? A. Implement tokenization of sensitive data before it enters the cloud environment B. Require the cloud provider to sign a detailed SLA with strong penalties for non-compliance C. Adopt a cloud access security broker (CASB) for centralized visibility and policy enforcement D. Use homomorphic encryption to allow computations on encrypted data without exposing raw data

Roger's organisation suffered a breach of customer credit card records, under there terms of PCI DSS, what organisation may choose to purse an investigation of this matter? A: FBI B: Local law enforcement. C: Bank D: PCI SSC. Provide detailed rationale