In a system life cycle, information security controls should be:

A.
Designed during the product implementation phase.

B.
Specified after the coding phase.

C.
Part of the feasibility phase.

D.
Implemented prior to validation.

Explanation:
In the system life cycle, information security controls should be part of the feasibility phase. The
other answers are incorrect because the basic premise of information system security is that
controls should be included in the earliest phases of the software life cycle and not added later in
the cycle or as an afterthought.