SDLC Security requirement

CISSPGOALCISSPGOAL Member Posts: 27 ■□□□□□□□□□
in SSCP
The SDLC Security requirement are defined in

a) Project Initiation and Planning or
b) Functional design analysis and planning

Which of the above is correct and could you rationale your answer.
· Share on FacebookShare on Twitter

Comments

  • ajs1976ajs1976 Member Posts: 1,945 ■■■■□□□□□□
    A.

    Security requirements are considered non-functional requirements, so B would not be the correct answer.


    Basing that answer off of something I read in my Software Engineering class and not for something I read while prepping for the CISSP.
    Andy

    2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete
    · Share on FacebookShare on Twitter
  • ajs1976ajs1976 Member Posts: 1,945 ■■■■□□□□□□
    i'm assuming that was a practice test question from somewhere. What was the right answer?
    Andy

    2020 Goals: 0 of 2 courses complete, 0 of 2 exams complete
    · Share on FacebookShare on Twitter
  • CISSPGOALCISSPGOAL Member Posts: 27 ■□□□□□□□□□
    Functional design analysis and planning is the answer. It is indicated in one of the shon harris passport book short tips instead of questions

    Is my assumption correct?
    Security is identified in Project Initiation and Planning phase
    Security is defined during Functional design analysis and planning


    It lead me to answer to this question.

    Who is responsible for data classification?
    a) Data Owner
    b) Senior Management
    · Share on FacebookShare on Twitter
Sign In or Register to comment.