Certified Information Systems Security Professional (CISSP) — Question 267

A large manufacturing organization arranges to buy an industrial machine system to produce a new line of products. The system includes software provided to the vendor by a third-party organization. The financial risk to the manufacturing organization starting production is high. What step should the manufacturing organization take to minimize its financial risk in the new venture prior to the purchase?

Answer options

• A. Require that the software be thoroughly tested by an accredited independent software testing company.
• B. Hire a performance tester to execute offline tests on a system.
• C. Calculate the possible loss in revenue to the organization due to software bugs and vulnerabilities, and compare that to the system's overall price.
• D. Place the machine behind a Layer 3 firewall.

Correct answer: A

Explanation

The correct answer is A because having the software independently tested ensures that potential issues are identified and resolved before the purchase, reducing the risk of financial loss. Options B and D do not address the software's reliability directly, while option C, although valuable, does not proactively mitigate risks associated with software performance.