What oversight should the information security team have in the change management process for application security?
A. Information security should be informed of changes to applications only
B. Development team should tell the information security team about any application security flaws
C. Information security should be aware of any significant application security changes and work with developers to test for vulnerabilities before changes are deployed in production
D. Information security should be aware of all application changes and work with developers before changes are deployed in production
Role of Information Security in Change Management: Information security must ensure that changes to applications are secure and do not introduce vulnerabilities into the production environment.
Key Considerations:
Significant changes often involve high-risk modifications requiring additional oversight.
Testing for vulnerabilities before deployment ensures that risks are mitigated proactively.
Why Not Other Options:
Option A: Merely being informed lacks active involvement and oversight.
Option B: A reactive approach to application flaws is inadequate.
Option D: Monitoring all changes is unnecessary and inefficient; focusing on significant changes is more practical.
EC-Council CISO Alignment: This approach balances security with operational efficiency, ensuring application changes meet security standards without excessive overhead.