nerdexam
(ISC)2

CISSP · Question #656

When are security requirements the LEAST expensive to implement?

The correct answer is D. When built into application design. The least expensive time to implement security requirements is when they are built into the application design. Here's why: Building security into the application design ensures that security measures are considered from the very beginning of the development process. When securit

Submitted by lukas.cz· Mar 5, 2026Software Development Security

Question

When are security requirements the LEAST expensive to implement?

Options

  • AWhen identified by external consultants
  • BDuring the application rollout phase
  • CDuring each phase of the project cycle
  • DWhen built into application design

How the community answered

(69 responses)
  • A
    6% (4)
  • B
    3% (2)
  • C
    1% (1)
  • D
    90% (62)

Explanation

The least expensive time to implement security requirements is when they are built into the application design. Here's why: Building security into the application design ensures that security measures are considered from the very beginning of the development process. When security is incorporated during the design phase, it becomes an integral part of the architecture, rather than an afterthought. This approach is often referred to as "security by design" and is typically the most cost-effective because it avoids the need for expensive rework or retrofitting later on. Designing security into the system early allows developers to address potential vulnerabilities in the initial design and coding phases, rather than patching security issues after the application has been built or rolled out. Fixing security problems after deployment can be very costly, as it may involve reworking large portions of the application, causing delays, and potentially disrupting business operations.

Topics

#SDLC security#security by design#cost-benefit analysis

Community Discussion

No community discussion yet for this question.

Full CISSP Practice