CRISC Certified in Risk and Information Systems Control – Question654

Which of the following will BEST ensure that information security risk factors are mitigated when developing in-house applications?

A.
Include information security control specifications in business cases.
B. Identify key risk indicators (KRIs) as process output.
C. Identify information security controls in the requirements analysis.
D. Design key performance indicators (KPIs) for security in system specifications.

Correct Answer: C