Certified Information Systems Security Professional (CISSP) — Question 310
A company is moving from the V model to Agile development. How can the information security department BEST ensure that secure design principles are implemented in the new methodology?
Answer options
- A. Information security requirements are captured in mandatory user stories.
- B. All developers receive mandatory targeted information security training.
- C. The information security department performs an information security assessment after each sprint.
- D. The non-financial information security requirements remain mandatory for the new model.
Correct answer: A
Explanation
Capturing information security requirements in mandatory user stories ensures that security considerations are integrated from the beginning of the Agile process, making them a part of the development workflow. While training and assessments are important, they occur after the fact and do not guarantee that security is prioritized during design. Maintaining non-financial requirements as mandatory does not specifically address the integration of secure design principles in Agile.