Which of the following approaches is BEST for selecting controls to minimize information security risks?
A. Cost-benefit analysis
B. Control-effectiveness
C. Risk assessment
D. Industry best practices
A. Cost-benefit analysis
B. Control-effectiveness
C. Risk assessment
D. Industry best practices