Certified Information Security Manager (CISM) — Question 6
Which of the following is the MOST effective way for an information security manager to ensure that security is incorporated into an organization's project development processes?
Answer options
- A. Develop good communications with the project management office (PMO).
- B. Participate in project initiation, approval, and funding.
- C. Conduct security reviews during design, testing, and implementation.
- D. Integrate the organization's security requirements into project management.
Correct answer: D
Explanation
Integrating the organization's security requirements into project management (option D) ensures that security is considered from the very beginning of the project lifecycle. While good communication with the PMO (option A), participation in project initiation, approval, and funding (option B), and security reviews during design, testing, and implementation (option C) are important, they are secondary to embedding security requirements directly into project management processes.