Certified in Risk and Information Systems Control (CRISC) — Question 258

Which of the following will BEST help mitigate the risk associated with malicious functionality in outsourced application development?

Answer options

• A. Utilize the change management process.
• B. Validate functionality by running in a test environment.
• C. Perform an in-depth code review with an expert.
• D. Implement a service level agreement.

Correct answer: C

Explanation

The correct answer is C because a comprehensive code review by an expert can identify and eliminate malicious code before it is deployed. The other options, while beneficial for overall application management and quality assurance, do not directly address the risks posed by potentially harmful code in outsourced development.