To integrate security into system development life cycle (SDLC) processes, an organization MUST ensure that security:
Click on the arrows to vote for the correct answer
A. B. C. D.A.
Integrating security into the system development life cycle (SDLC) process is essential for ensuring that security is not an afterthought but is built into the software development process. This approach helps to identify and address security vulnerabilities at an early stage of the SDLC process and saves resources, time and effort spent on fixing issues later in the development process.
The options given in the question are:
A. Is a prerequisite for completion of major phases. B. Performance metrics have been met. C. Roles and responsibilities have been defined. D. Is represented on the configuration control board.
The correct answer is option A: "Security is a prerequisite for completion of major phases."
Explanation:
A. Security is a prerequisite for completion of major phases:
Integrating security as a prerequisite for the completion of major phases means that security should be considered an integral part of each stage of the SDLC process. Security measures should be built into the development process, from the initial planning stage to the testing and deployment stages. This ensures that the security requirements are met and the software developed is secure.
B. Performance metrics have been met:
Performance metrics are a measure of how well the software performs. Although important, performance metrics are not the primary concern when it comes to security. Therefore, it is not the best answer.
C. Roles and responsibilities have been defined:
Defining roles and responsibilities is important, but it does not necessarily ensure that security is integrated into the SDLC process. Defining the roles and responsibilities related to security is only one part of the process, and it is not enough to ensure that security is integrated into the entire SDLC process.
D. Security is represented on the configuration control board:
The configuration control board (CCB) is responsible for managing changes to the software. While it is important to ensure that security is represented on the CCB, this alone does not ensure that security is integrated into the entire SDLC process.
In summary, the most appropriate answer is option A, "Security is a prerequisite for completion of major phases." Integrating security at each phase of the SDLC process helps to ensure that security requirements are met, and the software developed is secure.