CISM Certified Information Security Manager – Question0698

When integrating information security requirements into software development, which of the following practices should be FIRST in the development lifecycle?

A.
Penetration testing
B. Dynamic code analysis
C. Threat modeling
D. Source code review

Correct Answer: C