Certified Information Security Manager (CISM) — Question 355
Which of the following would BEST ensure that security is integrated during application development?
Answer options
- A. Performing application security testing during acceptance testing
- B. Introducing security requirements during the initiation phase
- C. Employing global security standards during development processes
- D. Providing training on secure development practices to programmers
Correct answer: B
Explanation
The correct answer is B because integrating security requirements during the initiation phase ensures that security is a foundational element of the project, influencing all subsequent stages. While options A, C, and D contribute to security, they do not establish it as a priority from the outset, making them less effective than option B.