Big4Guy

Confessions, Thoughts, Observations and Musings of a Big4Guy

Big4Guy

Welcome to Big4Guy.com. Big4Guy is an online resource where I will share with you the latest news, insights, knowledge and some experiences as a Big 4 consultant. We will discuss some of the important issues which organisations are facing today in the areas of information security, security and controls in SAP R/3, Oracle Applications, J.D.Edwards, Peoplesoft and various other ERP's. You will also find information on latest complaince regulations like Sarbanes Oxley, Basel II and so on. Big4guy will also attempt to provide valuable resources for individuals interested in examinations the CISA, CISM, CISSP, PMP and various other security certifications considered essential for entry in any Big 4 accounting, auditing and consulting firms. You are invited to post your comments and viewpoints to posts here. I sincerely hope this online journal will be useful to everyone from a budding student to a professional in the accounting, auditing, management and consultancy professions.

Post details: Certified Information Systems Auditor Exam - SDLC Systems Development Lifecycle Question

12/20/05

10:54:07 pm, Categories: CISA Exam, 89 words

Certified Information Systems Auditor Exam - SDLC Systems Development Lifecycle Question

Here is a simple Question adapted from the CISA exam.

Q). In a Systems Development Lifecycle, information security controls should be

Options:

A. Designed during the implementation phase
B. Implemented Prior to Validation
C. Should be taken up as part of the feasibility stage
D. Specified after the coding phase

Answer: As a best practice controls should be taken up in the feasibility stage of the SDLC. The earlier the controls are introduced in the SDLC, the cheaper they are and the easier it is to ensure better controls.