Certified Information Security Manager (CISM) — Question 927
Which of the following is the PRIMARY role of the information security manager in application development?
Answer options
- A. To ensure control procedures address business risk
- B. To ensure enterprise security controls are implemented
- C. To ensure compliance with industry best practice
- D. To ensure security is integrated into the system development life cycle (SDLC)
Correct answer: D
Explanation
The correct answer is D because the information security manager's primary role in application development is to ensure that security is integrated throughout the SDLC, so that risks are addressed at every phase rather than after the fact. Options A, B, and C describe important but secondary responsibilities; each supports the overarching goal of integrating security into application development.