To determine the selection of controls required to meet business objectives, an information security manager should: 

Answer options:

A. prioritize the use of role-based access controls.
B. focus on key controls.
C. restrict controls to only critical applications.
D. focus on automated controls.

B

Key controls primarily reduce risk and are most effective for the protection of information assets. The other choices could be examples of possible key controls.