CISM Certified Information Security Manager – Question1142 - CISM Certified Information Security Manager

The PRIMARY reason for involving information security at each stage in the systems development life cycle (SDLC) is to identify the security implications and potential solutions required for:

A. identifying vulnerabilities in the system.
B. sustaining the organization's security posture.
C. the existing systems that will be affected.
D. complying with segregation of duties.

Correct Answer: B

Explanation:

Explanation:
It is important to maintain the organization’s security posture at all times. The focus should not be confined to the new system being developed or acquired, or to the existing systems in use. Segregation of duties is only part of a solution to improving the security of the systems, not the primary reason to involve security in the systems development life cycle (SDLC).