Certified Information Systems Auditor (CISA) — Question 364
Which of the following is the BEST control to help ensure that security requirements are considered throughout the life cycle of an agile software development project?
Answer options
- A. Including project team members who can provide security expertise
- B. Reverting to traditional waterfall software development life cycle (SDLC) techniques
- C. Documenting security control requirements and obtaining internal audit sign-off
- D. Requiring the project to go through accreditation before release into production
Correct answer: A
Explanation
The correct answer, A, emphasizes involving team members with security expertise, which keeps security under consideration continuously throughout the project. Option B is ineffective because reverting to waterfall methods contradicts agile principles. Option C, while useful, does not guarantee an ongoing security focus, and option D adds unnecessary delays by waiting for accreditation before release.