Certified Information Security Manager (CISM) — Question 588
To ensure that a new application complies with information security policy, the BEST approach is to:
Answer options
- A. perform a vulnerability analysis
- B. review the security of the application before implementation
- C. integrate security functionality during the development stage
- D. periodically audit the security of the application
Correct answer: C
Explanation
The correct answer, C, emphasizes integrating security functionality during development, which is essential for compliance and reduces risk early on. Options A and D focus on post-development assessments, which are less effective for ensuring compliance from the outset. Option B, while important, does not address security integration as comprehensively as option C.