Certified Information Security Manager (CISM) — Question 605

Which of the following is the PRIMARY role of an information security manager in a software development project?

Answer options

• A. To identify software security weaknesses
• B. To identify noncompliance in the early design stage
• C. To assess and approve the security application architecture
• D. To enhance awareness for secure software design

Correct answer: C

Explanation

The correct answer, C, highlights the critical task of evaluating and approving the security architecture to ensure it meets necessary standards. Options A and B focus on identifying issues rather than managing the overall security framework, while option D is about awareness rather than direct involvement in security architecture approval.