Certified Information Security Manager (CISM) — Question 642
During the initiation phase of the system development life cycle (SDLC) for a software project, information security activities should address:
Answer options
- A. baseline security controls
- B. security objectives
- C. cost-benefit analyses
- D. benchmarking security metrics
Correct answer: B
Explanation
The correct answer is B, as establishing security objectives is crucial during the initiation phase to ensure that security requirements align with project goals. Options A, C, and D, while relevant to security, are typically addressed in later phases of the SDLC rather than during initiation.