Procedures that a practitioner should perform related to controls over information security include all the following except: _____.

A. Understanding threat mitigation.
B. Planning a threat.
C. Identifying threat agents.
D. Assessing cybersecurity risks.