Your company has decided to use the SDLC to create and produce a new information system. You are training all users on how to protect company information while using the new system, along with being able to recognize social engineering attacks. Senior management must also formally approve of the system prior to it going live. In which of the following phases would these security controls take

place?

A. Operations and Maintenance
B. Initiation
C. Acquisition and Development
D. Implementation

D
Explanation: These security controls take place during the Implementation phase of the SDLC.
The steps in the Systems Development Life Cycle (SDLC) are as follows:
1. Initiate
2. Acquire/Develop
3. Implement
4. Operate/Maintain
5. Dispose