Certified Information Security Manager (CISM) — Question 882
To improve the efficiency of the development of a new software application, security requirements should be defined:
Answer options
- A. based on code review.
- B. based on available security assessment tools.
- C. after functional requirements.
- D. concurrently with other requirements.
Correct answer: D
Explanation
The correct answer is D because defining security requirements concurrently with other requirements ensures that security is integrated into the development process from the start. Options A and B suggest that security considerations are secondary, and option C implies that security comes after functional needs, which can lead to vulnerabilities if security is not addressed early.