Exam CISM Topic 2 Question 647 Discussion
Actual exam question for ISACA's CISM exam
Question #: 647
Topic #: 2
To ensure that a new application complies with information security policy, the BEST approach is to:
Suggested Answer: C
Explanation
Performing a vulnerability analysis is the best option to ensure that a new application complies with information security policy because it helps to identify and evaluate any security flaws or weaknesses in the application that may expose it to potential threats or attacks, and provide recommendations or solutions to mitigate them. Reviewing the security of the application before implementation is not a good option because it may not detect or prevent all security issues that may arise after implementation or deployment. Integrating security functionality at the development stage is not a good option because it may not account for all security requirements or challenges of the application or its environment. Periodically auditing the security of the application is not a good option because it may not address any security issues that may occur between audits or after deployment.
References:
https://www.isaca.org/resources/isaca-journal/issues/2017/volume-2/secure-software-development-lifecycle
https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/integrating-assurance-functions
by Mandel at Jul 17, 2025, 05:48 AM