In which process MUST security be considered during the acquisition of new software?
Correct Answer: B
Security must be considered during the acquisition of new software in the request for proposal (RFP) process, which is the process of soliciting bids from potential vendors and evaluating their proposals based on predefined criteria. The RFP should include the security requirements and specifications for the software, such as functionality, performance, compatibility, compliance, and testing. The RFP should also include the security evaluation criteria and methods for the vendor selection, such as security certifications, audits, reviews, and demonstrations. Security should be considered in the RFP process to ensure that the software meets the security needs and expectations of the organization, and to avoid potential risks, costs, and liabilities associated with insecure software12. References: CISSP CBK, Fifth Edition, Chapter 3, page 211; CISSP Practice Exam - FREE 20 Questions and Answers, Question 10.