Certified Information Systems Security Professional (CISSP) — Question 256

In which process MUST security be considered during the acquisition of new software?

Answer options

• A. Request for proposal (RFP)
• B. Implementation
• C. Vendor selection
• D. Contract negotiation

Correct answer: A

Explanation

Security must be prioritized during the Request for Proposal (RFP) phase to ensure that potential vendors meet the required security standards and practices before any further steps are taken. While implementation, vendor selection, and contract negotiation are important stages, they occur after the RFP, and any security gaps identified during those later stages can be more costly to address.