
In the context of organizational risk management, controls are categorized based on their purpose and timing relative to potential incidents. Preventive, Detective, Corrective, and Directive Controls serve distinct roles in mitigating risks.

Scenario: A financial institution is enhancing its cybersecurity framework. The Chief Information Security Officer (CISO) proposes the following measures:
Implementing multi-factor authentication (MFA) for system access.
Deploying intrusion detection systems (IDS) to monitor network traffic.
Establishing an incident response team to restore systems after a breach.
Publishing a mandatory cybersecurity policy requiring annual employee training.
Which combination of controls best represents Preventive, Detective, Corrective, and Directive Controls, respectively?
A. Preventive: MFA; Detective: IDS; Corrective: Incident response team; Directive: None.
B. Preventive: MFA; Detective: IDS; Corrective: Incident response team; Directive: Cybersecurity policy.
C. Preventive: Cybersecurity policy; Detective: IDS; Corrective: Incident response team; Directive: MFA.
D. Preventive: Incident response team; Detective: IDS; Corrective: MFA; Directive: None.