Which of the following should be of GREATEST concern to an IS auditor reviewing a system software development project based on agile practices?
The greatest concern for an IS auditor reviewing a system software development project based on agile practices should be the lack of secure coding practices. Ensuring secure coding is essential to protect the software from vulnerabilities and potential security breaches. In Agile methodologies, where rapid iterations and continuous integration are common, neglecting secure coding practices can lead to significant security risks. Security should always be a priority to safeguard the integrity and confidentiality of the system.
D. Lack of secure coding practices
A: Agile means "the ability to move quickly and easily". In the Agile method, programmers do not spend much time on documentation.
Where did you learn Agile?
While lack of user acceptance testing (UAT) sign-off (option B) is also a concern as it indicates potential gaps in validating the software against user requirements, the absence of secure coding practices poses a more immediate and severe risk to the security and integrity of the software and the organization's overall security posture. Therefore, it should be of greatest concern to an IS auditor reviewing a system software development project based on agile practices.
Secure coding practices are crucial for any software development project, regardless of methodology. In the fast-paced environment of agile development, the risk of vulnerabilities being introduced due to a lack of secure coding practices is heightened. Auditors should prioritize ensuring secure coding practices are implemented to minimize security risks in the final product. The answer is D.