At what stage of the applications development process should the security department initially become involved?
Answer options:
A. When requested
B. At testing
C. At programming
D. At detail requirements
Answer correct:
D
Information security has to be integrated into the requirements of the application`s design. It should also be part of the information security governance of the organization. The application owner may not make a timely request for security involvement. It is too late during systems testing, since the requirements have already been agreed upon. Code reviews are part of the final quality assurance process.