CISSP · Question #1414
CISSP Question #1414: Real Exam Question with Answer & Explanation
The correct answer is C: Add information security objectives into development.. The fundamental requirement to address potential security issues when initiating software development is to add information security objectives into development. This means that security should be considered as an integral part of the software development life cycle (SDLC), from
Question
Which of the following is fundamentally required to address potential security issues when initiating software development?
Options
- AImplement ongoing security audits in all environments.
- BEnsure isolation of development from production.
- CAdd information security objectives into development.
- DConduct independent source code review.
Explanation
The fundamental requirement to address potential security issues when initiating software development is to add information security objectives into development. This means that security should be considered as an integral part of the software development life cycle (SDLC), from the initial planning and analysis phase to the final deployment and maintenance phase. Security objectives should be aligned with the business objectives and requirements of the software, and should be measurable, achievable, and verifiable. Security objectives should also be communicated and agreed upon by all the stakeholders involved in the software development, such as developers, testers, users, and managers. Adding security objectives into development can help to prevent, detect, and mitigate security flaws and vulnerabilities in the software, and to ensure that the software meets the security standards and expectations of the organization and
Topics
Community Discussion
No community discussion yet for this question.