Which of the following lists are valid data-gathering activities associated with a risk assessment?
A . Threat identification, vulnerability identification, control analysis
B . Threat identification, response identification, mitigation identification
C . Attack profile, defense profile, loss profile
D . System profile, vulnerability identification, security determination
Answer: A