An organization has discovered a recurring problem with unsecure code being released into production. Which of the following is the information security manager action?
A.
Implement segregation of duties between development and production.
B.
Increase the frequency of penetration testing.
C.
Review existing configuration management processes.
I go for A, since there is a conflict of interests, if developers are tasked to release codes into the production environment. They may skip testing or perform test cases that are easy to pass to lessen potential workload regarding fixes or identified bugs.
I see why people choose D, since releasing softwarecode is into the production environment is part of the change management process. But in this case, answer A is just more precise to tackle the problem.
This section is not available anymore. Please use the main Exam Page.CISM Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
eshah
3 months, 4 weeks agoJosef4CISM
5 months, 2 weeks agorichck102
11 months, 3 weeks ago