Which of the following security controls will you use for the deployment phase of the SDLC to build
secure software? Each correct answer represents a complete solution. Choose all that apply.
A. Change and Configuration Control
B. Security Certification and Accreditation (C&A)
C. Vulnerability Assessment and Penetration Testing
D. Risk Adjustments
Explanation:
The various security controls in the SDLC deployment phase are as follows:

Secure Installation: While performing any software installation, it should be kept in mind that the security configuration of the environment should never be reduced. If it is reduced, security issues and overall risks can affect the environment.

Vulnerability Assessment and Penetration Testing: Vulnerability assessments (VA) and penetration testing (PT) are used to determine the risk and attest to the strength of the software after it has been deployed.

Security Certification and Accreditation (C&A): Security certification is the process used to ensure that controls are effectively implemented through established verification techniques and procedures, giving organization officials confidence that the appropriate safeguards and countermeasures are in place as a means of protection. Accreditation is the provisioning of the necessary security authorization by a senior organization official to process, store, or transmit information.

Risk Adjustments: Contingency plans and exceptions should be generated so that the residual risk be above the acceptable threshold.