Certified Information Systems Auditor (CISA) — Question 1351
Which of the following is the BEST control to help ensure that security requirements are considered throughout the life cycle of an agile software development project?
Answer options
- A. Including project team members who can provide security expertise
- B. Reverting to traditional waterfall software development life cycle (SDLC) techniques
- C. Documenting security control requirements and obtaining internal audit sign-off
- D. Requiring the project to go through accreditation before release into production
Correct answer: A
Explanation
Including project team members who can provide security expertise ensures that security considerations are integrated into the development process from the start. Reverting to traditional waterfall techniques is not aligned with agile practices and does not inherently address security. Documenting requirements and obtaining audit sign-off is useful, but it may not be as effective in ensuring ongoing security integration as having dedicated expertise. Requiring accreditation before release is a form of validation but does not facilitate continuous security considerations during development.