At which of the basic phases of the System Development Life Cycle are security requirements formalized?

A.
Disposal

B.
System Design Specifications

C.
Development and Implementation

D.
Functional Requirements Definition

Explanation:
Requirements, including security requirements, are formalized in the Functional Requirements Definition phase.
Incorrect Answers:A: Disposal activities need to ensure that an orderly termination of the system takes place and that all
necessary data are preserved. Security requirements are not formalized at the disposal phase.
B: Within the Systems Development Life Cycle (DSLC) model the design phase, also known as the System
Design Specifications phase, transforms requirements, including the security requirements, into a complete
System Design Document.
C: In the implementation phase the system is implemented into a product production environment. The security
requirements have already been developed long before this phase.

Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
p. 1095