Exam CISM topic 1 question 847 discussion

A. To identify software security weaknesses

I go for A. I dont think its C because C talks about the security architecture. What about other aspects like testing, coding etc? Moreover, the security manager acts as a consultant and usually has no competence in formally approving matters. In such cases, better align with the steering committee.

It's C. A is done by engineers, not by the manager and C is higher level than D, so I believe is C. Manager = high level

Security function there to assess/approve

C. To assess and approve the security application architecture The PRIMARY role of an information security manager in a software development project is typically to assess and approve the security application architecture. This involves ensuring that the design and architecture of the software include appropriate security measures and that it complies with security best practices and organizational security policies. While the other options (A, B, and D) are important responsibilities of an information security manager in the context of software development, assessing and approving the security architecture is a fundamental step to establish a strong foundation for secure software development.

C. To assess and approve the security application architecture

The PRIMARY role of an information security manager in a software development project is D. To enhance awareness for secure software design. The information security manager plays a crucial role in promoting and ensuring secure software development practices throughout the software development lifecycle. Their primary responsibility is to raise awareness and educate the development team on secure software design principles, best practices, and industry standards.

C. To assess and approve the security application architecture