Certified Information Security Manager (CISM) — Question 536

IT projects have gone over budget with too many security controls being added post-production. Which of the following would MOST help to ensure that relevant to a project?

Answer options

• A. Involving information security at each stage of project management
• B. Creating a data classification framework and providing it to stakeholders
• C. Identifying responsibilities during the project business case analysis
• D. Providing stakeholders with minimum information security requirements

Correct answer: A

Explanation

Involving information security at every phase of project management ensures that security considerations are integrated from the beginning, reducing the likelihood of excessive controls later. The other options, while helpful, do not ensure that security is continuously addressed throughout the project lifecycle, which can lead to issues after production.