An organization has decided to reduce labor costs by outsourcing back office processing of credit applications
to a provider located in another country. Data sovereignty and privacy concerns raised by the security team
resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To
facilitate communications and improve productivity, staff at the third party has been provided with corporate
email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked and staff
at the third party can only communicate with staff within the organization. Which of the following additional
controls should be implemented to prevent data loss? (Select THREE).

A.
Implement hashing of data in transit

B.
Session recording and capture

C.
Disable cross session cut and paste

D.
Monitor approved credit accounts

E.
User access audit reviews

F.
Source IP whitelisting