To determine the selection of controls required to meet business objectives, an information
security manager should:

A.
prioritize the use of role-based access controls.

B.
focus on key controls.

C.
restrict controls to only critical applications.

D.
focus on automated controls.

Explanation:

Key controls primarily reduce risk and are most effective for the protection of information assets.
The other choices could be examples of possible key controls.