CISA QUESTION #6863
Question 1
In reviewing a software development life cycle, an auditor finds that security requirements are addressed only during the final testing phase before production deployment. What is the MOST significant consequence?
  • Delayed security implementation
  • Security issues discovered late are expensive to fix and may require fundamental redesign ✔️
  • Incomplete security coverage
  • Rushed implementation
Correct Answer Explanation
Security must be integrated throughout the SDLC, from requirements through design, development, and testing. Addressing security only at final testing means that security flaws in architecture or design require expensive changes or workarounds. This 'bolted-on' security is less effective and more costly than security designed in from the start.