Certified Information Security Manager (CISM) — Question 802
Which of the following would BEST help to ensure appropriate security controls are built into software?
Answer options
- A. Integrating security throughout the development process
- B. Performing security testing prior to deployment
- C. Providing standards for implementation during development activities
- D. Providing security training to the software development team
Correct answer: A
Explanation
The best way to ensure that security controls are effectively built into software is to incorporate security from the beginning of the development process. Performing security testing, providing implementation standards, and offering training are all important, but they are reactive measures that do not guarantee security is considered throughout the entire development lifecycle.