A company is building an internal platform that stores sensitive data. They want to handle protective measures at the earliest possible opportunity. Which planning approach is most suitable?
Establish defensive requirements together with other project objectives to ensure consistent tracking
Delay consideration of defensive goals until the final milestone, then perform a security review
Gather insights on weaknesses toward the end of development and handle security features in later phases of the project lifecycle
Design core user functionality first and introduce security tasks in the later phase
Establishing security requirements alongside core project objectives helps ensure protective measures are embedded from the start. This proactive planning reduces the risk of overlooking critical controls and avoids costly retrofits later. Delaying security until later stages increases the chance of integration issues, missed deadlines, or exploitable flaws being introduced late in the development cycle.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is it important to establish security requirements at the beginning of a project?
Open an interactive chat with Bash
What are some examples of 'defensive requirements' in project planning?
Open an interactive chat with Bash
How can embedding security early save costs and time in the development process?