Certified Information Security Manager (CISM) — Question 238

Which of the following is the MOST effective way to help ensure web developers understand the growing severity of web application security risks?

Answer options

• A. Standardize secure web development practices
• B. Integrate security into the early phases of the development life cycle
• C. Incorporate security requirements into job descriptions
• D. Implement a tailored security awareness training program

Correct answer: D

Explanation

Option D is correct because a tailored security awareness training program directly addresses the knowledge gap among developers about security risks, making it the most effective approach. While the other options contribute to security, they do not specifically focus on increasing awareness of risks among developers as effectively as targeted training does.