During the design of a new patient management system, a healthcare software provider wants to ensure security is embedded at every stage of the project lifecycle rather than added at the end. Which strategy best meets this goal?
Encrypt all patient data at rest in the database while using standard development practices
Update service-level agreements with third-party providers to require shorter security-incident response times
Limit access to the development and staging environments by implementing strict role-based access controls
Apply a secure SDLC that defines security requirements, enforces secure coding standards, and conducts security testing before deployment
Applying a secure SDLC integrates security from requirements through testing. Defining security requirements early, enforcing secure coding standards, and conducting dedicated security tests before deployment weave protection into every phase. Encrypting only the database, tightening access to development servers, or renegotiating SLAs address isolated concerns but do not embed security across the entire lifecycle.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does 'introducing security controls during the requirements phase' mean?
Open an interactive chat with Bash
Why is enforcing coding standards important for security?
Open an interactive chat with Bash
What types of security testing should be performed before system release?