CISM Certified Information Security Manager – Question0065

At what stage of the applications development process should the security department initially become involved?

A. When requested
B. At testing
C. At programming
D. At detail requirements

Correct Answer: D

Explanation:
Information security has to be integrated into the requirements of the application’s design. It should also be part of the information security governance of the organization. The application owner may not make a timely request for security involvement. It is too late during systems testing, since the requirements have already been agreed upon. Code reviews are part of the final quality assurance process.