Certified Information Security Manager (CISM) — Question 829
Which of the following BEST minimizes information security risk in deploying applications to the production environment?
Answer options
- A. Conducting penetration testing post implementation
- B. Having a well-defined change process
- C. Verifying security during the testing process
- D. Integrating security controls in each phase of the life cycle
Correct answer: D
Explanation
Option D is correct because integrating security controls in each phase of the application life cycle keeps security a continuous focus, which minimizes risk effectively. Options A and C are reactive approaches that address security only after the fact, while B, although important, does not directly address the integration of security controls into the application development process.