Which of the following should be implemented?

A security administrator wants to implement a company-wide policy to empower data owners to
manage and enforce access control rules on various resources. Which of the following should be
implemented?

A.
Mandatory access control

B.
Discretionary access control

C.
Role based access control

D.
Rule-based access control