Certified Information Systems Security Professional – CISSP – Question 278

Which of the following steps should be performed FIRST when purchasing Commercial Off-The-Shelf (COTS) software?

A. undergo a security assessment as part of authorization process
B. establish a risk management strategy
C. harden the hosting server, and perform hosting and application vulnerability scans
D. establish policies and procedures on system and services acquisition

Correct Answer: D