CISSP · Question #352
Which of the following steps should be performed FIRST when purchasing Commercial Off-The- Shelf (COTS) software?
The correct answer is D. establish policies and procedures on system and services acquisition. The first step when purchasing Commercial Off-The-Shelf (COTS) software is to establish policies and procedures on system and services acquisition. This involves defining the objectives, scope, and criteria for acquiring the software, as well as the roles and responsibilities of
Question
Which of the following steps should be performed FIRST when purchasing Commercial Off-The- Shelf (COTS) software?
Options
- Aundergo a security assessment as part of authorization process
- Bestablish a risk management strategy
- Charden the hosting server, and perform hosting and application vulnerability scans
- Destablish policies and procedures on system and services acquisition
How the community answered
(38 responses)- A5% (2)
- B3% (1)
- C11% (4)
- D82% (31)
Explanation
The first step when purchasing Commercial Off-The-Shelf (COTS) software is to establish policies and procedures on system and services acquisition. This involves defining the objectives, scope, and criteria for acquiring the software, as well as the roles and responsibilities of the stakeholders involved in the acquisition process. The policies and procedures should also address the legal, contractual, and regulatory aspects of the acquisition, such as the terms and conditions, the service level agreements, and the compliance requirements. Undergoing a security assessment, establishing a risk management strategy, and hardening the hosting server are not the first steps when purchasing COTS software, but they may be part of the subsequent steps, such as the evaluation, selection, and implementation of the software.
Topics
Community Discussion
No community discussion yet for this question.