Certified Information Security Manager (CISM) — Question 1106

A financial institution is planning to develop a new mobile application. Which of the following is the BEST time to begin assessments of the application’s security compliance?

Answer options

• A. During user acceptance testing (UAT)
• B. During regulatory review
• C. During the design phase
• D. During static code analysis

Correct answer: C

Explanation

The best time to begin security compliance assessments is during the design phase, as this allows for identification and mitigation of vulnerabilities early in the development process. Waiting until user acceptance testing or regulatory review limits the ability to address security issues effectively, and static code analysis focuses more on code quality than compliance.