ExamTopics Logo
Mail Us[email protected]
Menu
Isc Discussions
exam questions

Exam SSCP All Questions

View all questions & answers for the SSCP exam
Go to Exam

Exam SSCP topic 2 question 112 discussion

Actual exam question from ISC's SSCP
Question #: 112
Topic #: 2
[All SSCP Questions]

When considering an IT System Development Life-cycle, security should be:

  • A. Mostly considered during the initiation phase.
  • B. Mostly considered during the development phase.
  • C. Treated as an integral part of the overall system design.
  • D. Added once the design is completed.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
Security must be considered in information system design. Experience has shown it is very difficult to implement security measures properly and successfully after a system has been developed, so it should be integrated fully into the system life-cycle process. This includes establishing security policies, understanding the resulting security requirements, participating in the evaluation of security products, and finally in the engineering, design, implementation, and disposal of the system.
Source: STONEBURNER, Gary & al, National Institute of Standards and Technology (NIST), NIST Special Publication 800-27, Engineering Principles for
Information Technology Security (A Baseline for Achieving Security), June 2001 (page 7).
by xymavu at April 4, 2025, 11:12 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Currently there are no comments in this discussion, be the first to comment!
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel