To determine the selection of controls required to meet business objectives, an information security manager should:
A.
prioritize the use of role-based access controls.
B.
focus on key controls.
C.
restrict controls to only critical applications.
D.
focus on automated controls.
Explanation:
Key controls primarily reduce risk and are most effective for the protection of information assets.