Which of the following is the FIRST phase in which security should be addressed in the development cycle of a
project?
A.
Design
B.
Implementation
C.
Application security testing
D.
Feasibility
Explanation:
Information security should be considered at the earliest possible stage. Security requirements must be defined before you enter into design specification, although changes in design may alter these requirements later on.
Security requirements defined during system implementation are typically costly add-ons that are frequently ineffective. Application security testing occurs after security has been implemented.