Certified Information Security Manager (CISM) — Question 914

Which of the following is the BEST option to lower the cost to implement application security controls?

Answer options

• A. Include standard application security requirements.
• B. Perform security tests in the development environment.
• C. Perform a risk analysis after project completion.
• D. Integrate security activities within the development process.

Correct answer: D

Explanation

Integrating security activities within the development process (D) allows for early detection of vulnerabilities, reducing costs associated with fixing issues later. The other options, while beneficial, do not promote a proactive approach to security during development, which can lead to higher costs if problems arise after the project is completed.