CISSP · Question #656
When are security requirements the LEAST expensive to implement?
The correct answer is D. When built into application design. The least expensive time to implement security requirements is when they are built into the application design. Here's why: Building security into the application design ensures that security measures are considered from the very beginning of the development process. When securit
Question
When are security requirements the LEAST expensive to implement?
Options
- AWhen identified by external consultants
- BDuring the application rollout phase
- CDuring each phase of the project cycle
- DWhen built into application design
How the community answered
(69 responses)- A6% (4)
- B3% (2)
- C1% (1)
- D90% (62)
Explanation
The least expensive time to implement security requirements is when they are built into the application design. Here's why: Building security into the application design ensures that security measures are considered from the very beginning of the development process. When security is incorporated during the design phase, it becomes an integral part of the architecture, rather than an afterthought. This approach is often referred to as "security by design" and is typically the most cost-effective because it avoids the need for expensive rework or retrofitting later on. Designing security into the system early allows developers to address potential vulnerabilities in the initial design and coding phases, rather than patching security issues after the application has been built or rolled out. Fixing security problems after deployment can be very costly, as it may involve reworking large portions of the application, causing delays, and potentially disrupting business operations.
Topics
Community Discussion
No community discussion yet for this question.