Security Involvement in the Applications Development Process | SSCP Exam Answer


Question

At what stage of the applications development process should the security department become involved?

Answers

Explanations

A. B. C. D.

D.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

The involvement of the security department in the applications development process is crucial to ensure that security is integrated into the application from the very beginning. The security department should be involved in the development process at every stage to identify and mitigate potential security risks.

Out of the options provided, the best answer is A. Prior to implementation.

Here's why:

  1. Prior to implementation: This is the most appropriate time for the security department to become involved in the application development process. At this stage, the application has been designed, and it is ready to be implemented. The security department can review the design and identify any potential security vulnerabilities. The security department can also suggest security controls that can be integrated into the application.

  2. Prior to systems testing: This stage is too late for the security department to become involved. At this point, the application has already been developed, and the security vulnerabilities might be more difficult and costly to fix. The security department can still identify some security risks, but it may not be as effective as when involved earlier in the development process.

  3. During unit testing: Unit testing is focused on testing individual components of the application, and it is not the best time for the security department to become involved. The focus is on functional and performance testing rather than security testing.

  4. During requirements development: At this stage, the focus is on gathering and defining the requirements of the application. The security department can provide input on the security requirements of the application. However, it is not the best time for the security department to become involved as the application design has not yet been established.

In summary, the security department should become involved in the application development process prior to implementation. This will enable them to identify and mitigate potential security risks and suggest security controls that can be integrated into the application.