Who is at the BEST authority to develop the priorities and identify what risks and impacts would occur if there were loss of the organization's private information?

A. External regulatory agencies
B. Internal auditor
C. Business process owners
D. Security management