A company's control monitoring shows that a detective control has been 100% effective for the past year. However, a recent incident revealed that a data breach went undetected for three months. What is the MOST likely cause?
Control scope may be narrow.
Why this answer
Option D is correct because the control may not have covered the specific scenario of the breach. Option A is wrong if no logs. Option B is wrong because 100% suggests no failures.
Option C is wrong because if monitoring was correct, it would have caught.