Certified Information Systems Auditor (CISA) — Question 1028
Which of the following would BEST help to ensure that potential security issues are considered by the development team as part of incremental changes to agile-developed software?
Answer options
- A. Deploy changes in a controlled environment and observe for security defects.
- B. Mandate that the change analyses are documented in a standard format.
- C. Assign the security risk analysis to a specially trained member of the project management office.
- D. Include a mandatory step to analyze the security impact when making changes.
Correct answer: D
Explanation
The correct answer is D because integrating a mandatory step for security impact analysis ensures that security considerations are routinely incorporated into the development process. Options A, B, and C may contribute to security awareness in different ways, but they do not guarantee that security will be a consistent focus during every change in the agile development lifecycle.