The BEST way to mitigate the risk associated with a social engineering attack is to:
A. deploy an effective intrusion detection system (IDS)
B. perform a user-knowledge gap assessment of information security practices
C. perform a business risk assessment of the email filtering system
D. implement multi-factor authentication on critical business systems