What are the three elements of the risk triad from an information security perspective?

What are the three elements of the risk triad from an information security perspective?

A.
Assets, threats, and vulnerabilities

B.
Actions, threats, and vulnerabilities

C.
Assets, threats, and countermeasures

D.
Assets, countermeasures, and vulnerabilities