When an information security manager presents an information security program status report to senior management, the MAIN focus should be:

A. key performance indicators (KPIs)
B. critical risks indicators
C. net present value (NPV)
D. key controls evaluation