Which of the following is the LEAST effective at meeting the Fair Information Practice Principles (FIPPs) in the Systems Development Life Cycle (SDLC)?
Reviewing the code against Open Web Application Security Project (OWASP) Top 10 Security Risks is primarily focused on identifying and mitigating security vulnerabilities in web applications. While important, this practice addresses security concerns rather than specifically targeting the Fair Information Practice Principles (FIPPs), which are more concerned with privacy aspects such as data minimization, purpose specification, and accountability. The other options are more directly aligned with incorporating privacy considerations and protecting sensitive data throughout the Systems Development Life Cycle (SDLC).
Where can you find the reference to this question?
The correct answer is D. Reviewing the code against Open Web Application Security Project (OWASP) Top 10 Security Risks. While reviewing code against OWASP Top 10 Security Risks is important for identifying and mitigating security vulnerabilities, it is primarily focused on security rather than privacy. The Fair Information Practice Principles (FIPPs) are more directly related to privacy concerns, such as data minimization, purpose limitation, and transparency, which are better addressed by the other options listed. Therefore, reviewing code against OWASP Top 10 is the least effective at specifically meeting the FIPPs in the Systems Development Life Cycle (SDLC).