Which of the following lists are valid data-gathering activities associated with a risk assessment?
A.
Threat identification, vulnerability identification, control analysis
B.
Threat identification, response identification, mitigation identification
C.
Attack profile, defense profile, loss profile
D.
System profile, vulnerability identification, security determination