Security Department's Involvement in the Application Development Process | CISM Exam Answer

At What Stage Should the Security Department Get Involved?


Question

At what stage of the applications development process should the security department initially become involved?

Answers

Explanations


A. When requested
B. At testing
C. At programming
D. At detail requirements

Correct answer: D. At detail requirements

Information security has to be integrated into the requirements of the application's design.

It should also be part of the information security governance of the organization.

The application owner may not make a timely request for security involvement.

It is too late during systems testing, since the requirements have already been agreed upon.

Code reviews are part of the final quality assurance process.

The security department should be involved in the application development process as early as possible to ensure that security measures are considered and implemented throughout the development lifecycle. This means that the security department should be involved from the initial planning phase and continue throughout the design, development, testing, and deployment phases.

Option D, "At detail requirements," is the most appropriate answer because this stage is where the project requirements are defined in detail. It is the stage where the project team identifies and documents the functional and non-functional requirements, constraints, assumptions, and dependencies of the application. At this stage, the security department can identify potential security risks and requirements related to the application's functionality and design. By identifying security requirements early, the security department can ensure that the application meets security standards and that security risks are minimized.

Option C, "At programming," is too late in the development process for the security department to become involved. At this stage, the application design has already been determined, and any changes may require significant rework, which could increase the development timeline and budget.

Option B, "At testing," is also too late for the security department to become involved. At this stage, the application has already been developed, and security issues may already be present. Involving the security department at this stage may require significant effort to identify and address security issues, which could result in delays and additional costs.

Option A, "When requested," is not appropriate as the security department should not wait to be invited to participate in the development process. Proactive involvement in the application development process is essential to identify security risks early and ensure that security is incorporated throughout the development lifecycle.