An information security manager is evaluating the key risk indicators (KRIs) for an organization`s information security program. Which of the following would be the information security manager`s GREATEST concern? 

Answer options:

A. Undefined thresholds to trigger alerts
B. Multiple KRIs for a single control process
C. Use of qualitative measures
D. Lack of formal KRI approval from IT management

A