
CISM Exam - Question 878


Which of the following BEST minimizes information security risk in deploying applications to the production environment?

Correct Answer: BD

Integrating security controls in each phase of the life cycle best minimizes information security risk in deploying applications to the production environment. By addressing security concerns at every stage of the software development life cycle, any potential vulnerabilities or threats can be identified and mitigated early on. This holistic approach ensures that the final product is robust and secure, thus reducing the risk when the application is eventually deployed to production.

Discussion

12 comments
AaronS1990 Option: D
Sep 13, 2023

I agree this is definitely D. Every other question of this nature emphasises the importance of implementing security as often and early as possible in development.

Ewunia Option: D
Aug 10, 2023

I will go with D

POWNED Option: B
Jan 31, 2024

You have to look at the scope of the question! It is specifically asking what is BEST for deployment to production. Yes, implementing security through the SDLC is the MOST beneficial, but for the scope of the question it is not the best. A properly designed change management process is the best action when it comes to deploying anything new.

AidanSun Option: D
Aug 8, 2023

D should be the correct answer.

AlexJacobson Option: B
Jan 28, 2024

Well, I'm not so sure it's D. The question is about the deployment to production (from development, I assume). Option D considers SDLC, so it would reduce the risk of introducing vulnerabilities in the application itself. And while one can argue that increasing the security of the application that you're deploying in production effectively lowers the risk in general, the question is still about the PROCESS of moving something from one environment to another (i.e. managing the changes in the environment), not the SDLC. So I'm going with B on this one.

AlexJacobson
Jan 28, 2024

Then again, SDLC covers all phases and would include secure implementation and maintenance... So it can be D as well... Tricky question.

Saisharan Option: D
Aug 21, 2023

Option D

6and0 Option: D
Sep 22, 2023

D. Integrating security controls in each phase of the life cycle

richck102 Option: D
Oct 3, 2023

D. Integrating security controls in each phase of the life cycle

Marcelus1714 Option: B
Feb 17, 2024

It talks about "risk" (not "vulnerabilities") and "in deploying", so I would agree with the marked answer. If it was talking about detecting vulnerabilities in the code, it would definitely be D, but B is more high level and related to risks.

Marcelus1714
Feb 17, 2024

And in the change process, D can be included.

oluchecpoint Option: B
Mar 17, 2024

Option B

yottabyte Option: B
Mar 21, 2024

I will go for B with this one, if the question asks while developing, then the answer will be D, but when the question says deploying, the answer should be B.

03allen Option: B
Jul 18, 2024

No doubt, it's B.