Which of the following security controls will you use for the deployment phase of the SDLC to build
secure software?
Each correct answer represents a complete solution. Choose all that apply.

A.
Vulnerability Assessment and Penetration Testing

B.
Security Certification and Accreditation (C&A)

C.
Change and Configuration Control

D.
Risk Adjustments

Explanation:
The various security controls in the SDLC deployment phase are as follows:
Secure Installation: While performing any software installation, it should kept in mind that the
security configuration of the environment should never be reduced. If it is reduced then security
issues and overall risks can affect the environment. Vulnerability Assessment and Penetration
Testing: Vulnerability assessments (VA) and penetration testing (PT) is used to determine the risk
and attest to the strength of the software after it has been deployed.

Security Certification and Accreditation (C&A): Security certification is the process used to ensure
controls which are effectively implemented through established verification techniques and
procedures, giving organization officials confidence that the appropriate safeguards and
countermeasures are in place as means of protection. Accreditation is the provisioning of the
necessary security authorization by a senior organization official to process, store, or transmit
information. Risk Adjustments: Contingency plans and exceptions should be generated so that the
residual risk be above the acceptable threshold.
ISC2 Online Help Resource, Contents: “Software Security: Being Secure in an Insecure
World”