B. Integrating security into early phases of web development is the most effective way to get them to understand the importance. The early phases will let them be proactive developers, becoming more aware of potential risks associated with web application development. Although I get giving a tailored training, incorporating security in the earliest dev cycles would be more effective.
I don't know how people are selecting anything besides D. The question states "MOST effective way to help ensure web developers understand". That would be with tailored training. "WEB DEVELOPERS UNDERSTAND", give them tailored training.
I agree with Jaiz.
It is talking about helping them "understand" something. This isn't to do with implementing things into the SDLC, this is to do with training.
Option D, implementing a tailored security awareness training program, directly addresses the need for web developers to understand the growing severity of web application security risks. By providing targeted training, developers can gain knowledge about the specific risks, vulnerabilities, and best practices related to web application security.
While integrating security into the development life cycle (Option B) is important for proactive security measures, it may not solely address the need for understanding the severity of risks. - So I would go with Option D.
I picked Option B as well first. But D does make more sense. The question is talking about the most effective way to make them "understand" the risks. Training would do it.
The MOST effective way to help ensure web developers understand the growing severity of web application security risks is B. Integrate security into the early phases of the development life cycle.
Integrating security into the early phases of the development life cycle, also known as "shift left" in the field of software development, involves incorporating security considerations and practices from the very beginning of the development process. This includes activities such as threat modeling, secure coding practices, code reviews, and security testing, among others. By integrating security into the early phases of the development life cycle, web developers are made aware of the security risks associated with web applications and are equipped with the knowledge and tools to address these risks proactively.
While options A, C, and D are also important considerations in promoting web application security, integrating security into the early phases of the development life cycle is considered the most effective approach as it emphasizes proactive security practices rather than relying solely on standardized practices, job descriptions, or security awareness training, which may not be as comprehensive or impactful.
I like D - Implement a tailored security awareness training program. The reason is because the question mentions wanting the developers to "understand" the growing severity of web app security risks... that means teaching them, growing their knowledge. Putting steps into the SDLC doesn't increase your chance of them growing their understanding. Two cents.
The most effective way to help ensure web developers understand the growing severity of web application security risks is to integrate security into the early phases of the development life cycle (option B).
e891cd1 (8 months ago)
blehbleh (11 months, 2 weeks ago)
iTmarcus (1 year ago)
[Removed] (1 year, 1 month ago)
Nnatech (1 year, 2 months ago)
oluchecpoint (1 year, 3 months ago)
AaronS1990 (1 year, 3 months ago)
richck102 (1 year, 6 months ago)
wello (1 year, 6 months ago)
Saisharan (1 year, 6 months ago)
Dravidian (1 year, 8 months ago)
cheesesteak (1 year, 8 months ago)
CarlLimps (1 year, 9 months ago)
it_expert_cism (1 year, 9 months ago)
jaiz (1 year, 9 months ago)
N1co_o (1 year, 10 months ago)
Broesweelies (1 year, 11 months ago)