Refer to the exhibit.
Symantec Data Loss Prevention’s four phases of risk reduction model provides a blueprint for identifying and remediating key risk areas without disrupting legitimate business activity. According to this model, which activity should occur during the baseline phase?
A. monitor incidents and tune the policy to reduce false positives
B. define and build the incident response team
C. establish business metrics and begin sending reports to business unit stakeholders
D. test policies to ensure that blocking actions minimize business process disruptions