The quality assurance (QA) department is short-staffed and is unable to test all modules before the anticipated release date of an application. What security control is MOST likely to be violated?
Violated the "Release Control" of Change Management.
Release Control
Once the changes are finalized, they must be approved for release through the release control procedure. An essential step of the release control process is to double-check and ensure that any code inserted as a programming aid during the change process (such as debugging code and/or backdoors) is removed before releasing the new software to production. This process also ensures that only approved changes are made to production systems. Release control should also include acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.
The security control that is most likely to be violated in this scenario is:
A. Change management.
Change management involves implementing processes and controls to ensure that changes to the application, including updates and patches, are properly authorized, tested, and implemented in a controlled manner. It ensures that changes to the application do not introduce security vulnerabilities or compromise its integrity.
A. "The CISSP common body of knowledge asserts that change management systems should manage changes related to the entire life cycle of a system including design, development, testing, evaluation, implementation, distribution, and ongoing maintenance."
https://securitythinkingcap.com/change-management-and-how-it-is-essential-to-your-security/#:~:text=Change%20management%20is%20a%20key,significant%20benefits%20to%20an%20organization.
The security control that is most likely to be violated in this scenario is "Change management." Change management is a process that is designed to ensure that changes to systems or applications are made in a controlled and authorized manner, minimizing the risk of disruption or compromise. Testing is an important part of the change management process, as it helps to identify and address any security issues that may be introduced as a result of a change. If the QA department is short-staffed and cannot test all modules before the anticipated release date of an application, it is likely that some changes will not be adequately tested, which could result in security issues being introduced into the application.
D. Correct answer
Mobile code controls is most likely to be violated if the quality assurance (QA) department is short-staffed and unable to test all modules before the anticipated release date of an application. Mobile code controls refers to security measures that are put in place to ensure that code from external sources, such as third-party libraries or open-source components, is properly vetted before it is used in an application. Without proper testing, it is possible that malicious code or vulnerabilities could be included in the application, which would compromise its security.
I agreed with A. Shouldn't be C.
What Is Program Management?
Program management refers to managing all processes associated collectively with individual projects, such as looking into the staff, and work-related actions, aligning multiple projects with the company's objectives and reporting on status updates and progress. It also oversees the resource management plan and plans for involved projects regarding strategies and change management.
Reference: https://www.simplilearn.com/what-is-program-management-article
The Change Management control can be re-designed to match the release control strategy.
Reference: https://cloud.google.com/architecture/devops/devops-process-streamlining-change-approval
A. Change management - can't be this because the solution is not released/in production yet
B. Separation of environments - it's a security control, but the question is about testing
C. Program management - this makes sense, but the question isn't worded well. Not sure if program management has an official control, but if testing all the modules is agreed upon, and if the product is released, it's clearly a violation of what was agreed for the program scope. I would ask to raise the risk and get an endorsement from management if this happens.
D. Mobile code controls - doesn't align with the question
I am thinking this does align with C
PM-11 MISSION/BUSINESS PROCESS DEFINITION
Control Description
The organization:
Defines mission/business processes with consideration for information security and the resulting risk to organizational operations, organizational assets, individuals, other organizations, and the Nation; and
Determines information protection needs arising from the defined mission/business processes and revises the processes as necessary, until achievable protection needs are obtained.
Is this the initial release date? Seems like it would be PM.
Community vote distribution
A (35%)
C (25%)
B (20%)
Other