PrepAway - Latest Free Exam Questions & Answers

Risk reduction in a system development life-cycle should be applied:

A. Mostly to the initiation phase.

B. Mostly to the development phase.

C. Mostly to the disposal phase.

D. Equally to all phases.

Explanation:
Risk reduction should be applied equally to the initiation phase, the development phase, and the disposal phase.
Within the initiation phase, a preliminary risk assessment should be carried out to develop an initial description of the confidentiality, integrity, and availability requirements of the system.
The development phase includes a formal risk assessment, which identifies vulnerabilities and threats in the proposed system and the potential risk levels as they pertain to confidentiality, integrity, and availability. This builds upon the initial risk assessment carried out in the previous phase (the initiation phase). The results of this assessment help the team build the system’s security plan.
Disposal activities need to ensure that an orderly termination of the system takes place and that all necessary data are preserved. The storage medium of the system may need to be degaussed, put through a zeroization process, or physically destroyed.
Incorrect Answers:
A: Risk reduction should be applied to all phases equally, not mostly to the initiation phase.
B: Risk reduction should be applied to all phases equally, not mostly to the development phase.
C: Risk reduction should be applied to all phases equally, not mostly to the disposal phase.

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
pp. 1091-1093
