Hard1 markMultiple Choice

Area I: Information SystemsSDLCSecurity by DesignArea I

CPA · Question 56 · Area I: Information Systems

An auditor is reviewing the 'System Development Life Cycle' (SDLC). In which phase should security requirements be defined?

Answer options:

A.

Testing

B.

Deployment

C.

Requirements Analysis / Planning

D.

Maintenance

How to approach this question

Security by Design = Start at the beginning.

Full Answer

C.Requirements Analysis / Planning✓ Correct

Defining security requirements in the initial Requirements/Planning phase ensures 'Security by Design' and avoids costly retrofitting later.

Common mistakes

Thinking security is added during testing.

Question 55 All questions Question 57

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →