Which of the following is the FIRST phase in which security should be addressed in the
development cycle of a project?
A.
Design
B.
Implementation
C.
Application security testing
D.
Feasibility
Explanation:
Information security should be considered at the earliest possible stage. Security requirements
must be defined before you enter into design specification, although changes in design may alter
these requirements later on. Security requirements defined during system implementation are
typically costly add-ons that are frequently ineffective. Application security testing occurs after
security has been implemented.