Your company is engineering an information system to support the new business of selling toys online. As a security professional, in which phase should you ensure the use of secure information system development processes according to the System Development Life Cycle (SDLC) from the National Institute of Standards and Technology (NIST)?
A. Initiation
B. Development/Acquisition
C. Implementation/Assessment
D. Operations and Maintenance

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Initiation.

NIST SP 800-64 R2

This post is copied from the second question in CISSP PRACTICE QUESTIONS – 20190830, which has two questions, to serve as the QOTD of 20190901 on 20200816.