SDLC phases include a minimum set of security tasks that are required to effectively incorporate security in the system development process. Which of the following are the key security activities for the development/acquisition phase?

Each correct answer represents a complete solution. Choose two.

A.
Prepare initial documents for system certification and accreditation

B.
Conduct the risk assessment and use the results to supplement the baseline security controls

C.
Determination of privacy requirements

D.
Initial delineation of business requirements in terms of confidentiality, integrity, and availability

Explanation:
Key security activities for the development/acquisition phase are as follows:
Conduct the risk assessment and use the results to supplement the baseline security controls Analyze security requirements
Perform functional and security testing
Prepare initial documents for system certification and accreditation Design security architecture

Answer options D and C are incorrect. Key security activities for the initiation phase are as follows:
Initial definition of business requirements in terms of confidentiality, integrity, and availability Determination of information categorization and identification of known special handling requirements in transmitting, storing, or creating information Determination of privacy requirements