The PRIMARY reason for involving information security at each stage in the systems development
life cycle (SDLC) is to identify the security implications and potential solutions required for:

A.
identifying vulnerabilities in the system.

B.
sustaining the organization’s security posture.

C.
the existing systems that will be affected.

D.
complying with segregation of duties.

Explanation:

It is important to maintain the organization’s security posture at all times. The focus should not be
confined to the new system being developed or acquired, or to the existing systems in use.
Segregation of duties is only part of a solution to improving the security of the systems, not the

primary reason to involve security in the systems development life cycle (SDLC).