Question
Table of Contents
Which of the following is the PRIMARY role of an information security manager in a software development project?
A. To identify software security weaknesses
B. To identify noncompliance in the early design stage
C. To assess and approve the security application architecture
D. To enhance awareness for secure software design
Answer
C. To assess and approve the security application architecture
Explanation
The correct answer is C. To assess and approve the security application architecture. This is the primary role of an information security manager in a software development project because the security application architecture defines how the software will meet the security requirements and objectives of the organization. The information security manager is responsible for ensuring that the security application architecture is aligned with the business goals, risk appetite, and policies of the organization, and that it follows the best practices and standards for secure software development. The information security manager should also review and approve any changes to the security application architecture throughout the project lifecycle, and monitor its implementation and testing. By doing so, the information security manager can ensure that the software is designed and developed in a secure manner, and that it can protect the confidentiality, integrity, and availability of the information assets.
The other options are not the primary role of an information security manager in a software development project, but they may be part of their secondary or supporting roles. For example:
- A. To identify software security weaknesses: This is a role of a software security tester or analyst, who performs various types of testing (such as static analysis, dynamic analysis, penetration testing, etc.) to identify and report any vulnerabilities or defects in the software. The information security manager may oversee or coordinate these activities, but they are not their primary role.
- B. To identify noncompliance in the early design stage: This is a role of a software security auditor or assessor, who evaluates and verifies whether the software complies with the applicable laws, regulations, standards, and policies. The information security manager may participate or facilitate these activities, but they are not their primary role.
- D. To enhance awareness for secure software design: This is a role of a software security trainer or educator, who provides training and guidance to the software developers and other stakeholders on how to design and develop secure software. The information security manager may support or sponsor these activities, but they are not their primary role.
Reference
Isaca Certified Information Security Manager CISM certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the Isaca Certified Information Security Manager CISM exam and earn Isaca Certified Information Security Manager CISM certification.
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
