Security must be considered during the acquisition of new software in the request for proposal (RFP) process, which is the process of soliciting bids from potential vendors and evaluating their proposals based on predefined criteria. The RFP should include the security requirements and specifications for the software, such as functionality, performance, compatibility, compliance, and testing. The RFP should also include the security evaluation criteria and methods for the vendor selection, such as security certifications, audits, reviews, and demonstrations. Security should be considered in the RFP process to ensure that the software meets the security needs and expectations of the organization, and to avoid potential risks, costs, and liabilities associated with insecure software [1][2]. References: [1] CISSP CBK, Fifth Edition, Chapter 3, page 211; [2] CISSP Practice Exam – FREE 20 Questions and Answers, Question 10.