CISM Certified Information Security Manager – Question0252

Risk assessment should be built into which of the following systems development phases to ensure that risks are addressed in a development project?

A. Programming
B. Specification
C. User testing
D. Feasibility

Correct Answer: D

Explanation:
Risk should be addressed as early as possible in the development cycle. The feasibility study should include risk assessment so that the cost of controls can be estimated before the project proceeds. Risk should also be considered in the specification phase, where the controls are designed, but this would still be based on the assessment carried out in the feasibility study. Risk assessment would not be relevant in choices A or C.