Certified Information Systems Auditor (CISA) — Question 1352
Which of the following is the BEST control to help ensure that security requirements are considered throughout the life cycle of an agile software development project?
Answer options
- A. Including project team members who can provide security expertise
- B. Reverting to traditional waterfall software development life cycle (SDLC) techniques
- C. Documenting security control requirements and obtaining internal audit sign-off
- D. Requiring the project to go through accreditation before release into production
Correct answer: A
Explanation
The correct answer, A, emphasizes the importance of having team members with security expertise involved throughout the project, ensuring that security considerations are integrated into every phase. Options B and D do not support agile methodologies and may slow down the process, while option C, though important, does not actively ensure security is considered throughout the life cycle.