Procedures that a practitioner should perform related to controls over information security include all the following except:_____.
A. Understanding threat mitigation.
B. Planning a threat.
C. Identifying threat agents.
D. Assessing cybersecurity risks