CISM Certified Information Security Manager – Question0748

Which of the following would be MOST effective in ensuring that information security is appropriately addressed in new systems?

A.
Internal audit signs off on security prior to implementation
B. Information security staff perform compliance reviews before production begins
C. Information security staff take responsibility for the design of system security
D. Business requirements must include security objectives

Correct Answer: D