Information Security is often considered an excessive, after-the-fact cost when a project or initiative is completed. What can be done to ensure that security is addressed cost effectively?
A.
User awareness training for all employees
B.
Installation of new firewalls and intrusion detection systems
C.
Launch an internal awareness campaign
D.
Integrate security requirements into project inception
By integrating security requirements from the beginning of a project, security is built-in rather than treated as an afterthought.
This approach reduces costs and ensures compliance with security objectives throughout the project lifecycle.
Why Other Options Are Incorrect:
A. User awareness training: Important but does not address the systemic issue of integrating security into project planning.
B. Installation of new firewalls: A technical solution that addresses only part of the broader need for integrated security.
C. Launch an awareness campaign: Awareness is helpful but does not ensure cost-effective security implementation.
EC-Council CISO Reference:
The program stresses security-by-design principles to minimize costs and maximize effectiveness.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit