Certified Information Systems Auditor (CISA) — Question 772
Which of the following is the BEST way to reduce the risk of vulnerabilities introduced by rapid deployment of applications?
Answer options
- A. Review a sample of historical production changes to identify abnormalities.
- B. Perform security audits during the development life cycle.
- C. Review change management policies and procedures.
- D. Conduct a post-deployment security audit to identify vulnerabilities.
Correct answer: B
Explanation
The correct answer is B because performing security audits during the development life cycle allows vulnerabilities to be identified and remediated before they reach production. Options A, C, and D focus on reviewing or assessing after changes have been made, so they do not proactively address vulnerabilities during the critical development phase.