Certified Information Security Manager (CISM) — Question 543

During which of the following development phases is it MOST challenging to implement security controls?

Answer options

• A. Implementation phase
• B. Post-implementation phase
• C. Design phase
• D. Development phase

Correct answer: B

Explanation

The post-implementation phase is the most challenging for implementing security controls because the system is already in operation, making changes more complex and potentially disruptive. In contrast, the implementation and design phases allow for easier integration of security measures, while the development phase is primarily focused on building the system itself.