nerdexam
Isaca

CDPSE · Question #118

When is the BEST time during the secure development life cycle to perform privacy threat modeling?

The correct answer is B. Early in the design phase. Privacy threat modeling identifies how personal data could be misused, exposed, or improperly collected within a system. Performing it early in the design phase (B) is optimal because design decisions-data flows, storage choices, access controls, third-party integrations-are stil

Privacy Architecture

Question

When is the BEST time during the secure development life cycle to perform privacy threat modeling?

Options

  • AWhen identifying business requirements
  • BEarly in the design phase
  • CDuring functional verification testing
  • DPrior to the production release

How the community answered

(37 responses)
  • B
    95% (35)
  • C
    3% (1)
  • D
    3% (1)

Explanation

Privacy threat modeling identifies how personal data could be misused, exposed, or improperly collected within a system. Performing it early in the design phase (B) is optimal because design decisions-data flows, storage choices, access controls, third-party integrations-are still being made. Threats identified at this stage can be mitigated through design changes at the lowest possible cost. Performing it during business requirements gathering (A) is too early because the system design context needed to identify concrete threats does not yet exist. During functional testing (C) or just before production release (D) are far too late-by then, redesign is costly and disruptive, and many privacy risks will already be baked into the architecture.

Topics

#Privacy Threat Modeling#Secure Development Life Cycle#Privacy by Design#System Design

Community Discussion

No community discussion yet for this question.

Full CDPSE Practice