CISM Certified Information Security Manager – Question0862

Failure to include information security requirements within the build/buy decision would MOST likely result in the need for:

A.
compensating controls in the operational environment.
B. commercial product compliance with corporate standards.
C. more stringent source programming standards.
D. security scanning of operational platforms.

Correct Answer: A