Which of the following is the LEAST effective at meeting the Fair Information Practice Principles (FIPPs) in the Systems Development Life Cycle (SDLC)?
A. Conducting privacy threat modeling for the use-case
B. Following secure and privacy coding standards in the development
C. Developing data flow modeling to help the purpose, protection and retention of sensitive data
D. Reviewing the code against Open Web Application Security Project (OWASP) Top 10 Security Risks
The correct answer is D. Reviewing the code against Open Web Application Security Project (OWASP) Top 10 Security Risks.
While reviewing code against OWASP Top 10 Security Risks is important for identifying and mitigating security vulnerabilities, it is primarily focused on security rather than privacy. The Fair Information Practice Principles (FIPPs) are more directly related to privacy concerns, such as data minimization, purpose limitation, and transparency, which are better addressed by the other options listed. Therefore, reviewing code against OWASP Top 10 is the least effective at specifically meeting the FIPPs in the Systems Development Life Cycle (SDLC).
Where can you find the reference to this question?
Ssourav
3 months, 2 weeks ago
DrMai
1 year, 1 month ago