During which phase of an IT system life cycle are security requirements developed?

A.
Operation

B.
Initiation

C.
Functional design analysis and Planning

D.
Implementation

Explanation:
Within the Systems Development Life Cycle (DSLC) model the design phase, also known as the security
requirement phase, transforms requirements, including the security requirements, into a complete System
Design Document.
Incorrect Answers:
A: The operation phase describes tasks to operate in a production environment, and is not concerned with
development of security requirements.
B: The initiation phase starts when a sponsor identifies a need or an opportunity. During this phase a Concept
Proposal, but no security requirements, is created.
D: In the implementation phase the system is implemented into a product production environment. The security
requirements have already been developed long before this phase.

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
p. 1095