PrepAway - Latest Free Exam Questions & Answers


Which of the following phases of a system development life-cycle is most concerned with establishing a good security policy as the foundation for design?


A. Development/acquisition

B. Implementation

C. Initiation

D. Maintenance

Explanation:
Within the SDLC model, the need for a new system is defined during the initiation phase. The initiation phase includes security categorization and a preliminary risk assessment, including a security policy.
The security policy is a document that describes senior management's directives toward the role that security plays within the organization. It provides a framework within which an organization establishes the levels of information security needed to achieve the desired confidentiality, availability, and integrity goals.
Incorrect Answers:
A: The development/acquisition phase does not establish a good security policy; instead, it includes risk assessment and risk analysis.
B: The implementation phase includes security certification and security accreditation. Establishing a good security policy is not included in the implementation phase.
D: The maintenance phase includes continuous monitoring, and configuration management and control. It does not include creation of a security policy.

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
pp. 1088, 1422

