Certified Information Security Manager (CISM) — Question 774
An organization has discovered a recurring problem with unsecure code being released into production. Which of the following is the information security manager's action?
Answer options
- A. Implement segregation of duties between development and production.
- B. Increase the frequency of penetration testing.
- C. Review existing configuration management processes.
- D. Review existing change management processes.
Correct answer: A
Explanation
The correct answer is A because implementing segregation of duties helps to prevent unauthorized changes and ensures that the development and production environments are kept separate, reducing the risk of insecure code being released. Options B, C, and D, while they may improve security processes, do not directly address the root cause of insecure code being released into production.