Which of the following should an information security manager establish FIRST to ensure security-related activities are adequately monitored?

A. Internal reporting channels
B. Accountability for security functions
C. Scheduled security assessments
D. Regular reviews of computer system logs