When selecting metrics to monitor the risks associated with an information security program, it is MOST important for an information security manager to: 

Answer options:

A. leverage industry benchmarks.
B. consider the organization`s business strategy.
C. identify the program`s risk and compensating controls.
D. consider the strategic objectives of the program.

B