Which of the following are the key security activities for the initiation phase? Each correct answer represents a complete solution. Choose two.
A.
Determination of privacy requirements.
B.
Perform functional and security testing.
C.
Initial delineation of business requirements in terms of confidentiality, integrity, and availability.
D.
Analyze security requirements.
Explanation:
Answer options C and A are correct.Key security activities for the initiation phase are as follows:
Initial definition of business requirements in terms of confidentiality, integrity, and availability Determination of information categorization and identification of known special handling requirements in transmitting, storing, or creating information Determination of privacy requirements
Answer options D and B are incorrect. Key security activities for the development/acquisition phase are as follows:
Conduct the risk assessment and use the results to supplement the baseline security controls Analyze security requirements
Perform functional and security testing
Prepare initial documents for system certification and accreditation Design security architecture