IT Examiner School - Oct 2025

Internal Use Only

App Development & Key Risks Application Development Purpose & Process • Define, design, build, test, and implement systems or components. • May be in-house or acquired from a third party • Requires business & IT alignment with clear sponsorship and communication • Uses test vs. production environments , •

Key Risks if PM is Weak

Malicious Code / Sabotage – Malware or backdoors introduced. • Unintentional Vulnerabilities – Insecure defaults, open ports, logic flaws. • Process & Code Errors – Missed requirements or miscalculations causing outages. • Security Gaps – No early secure design, coding reviews, and change control. • Operational & Cost Impact – Delays, overruns, unsupported or end-of-life systems.

prototypes, integration into existing systems • Oversight by senior management & board for major initiatives.

Internal Use Only

Group Activity: What’s in a Change?

Change Scenario

Which of the following (Changes) would apply or be required for each activity? Select A, B, or C for each Change Scenario on the right. A.Major/Significant Changes B.Routine Changes C.Emergency Changes

Core Banking Platform Upgrade

Quarterly Patch Deployment

Critical Firewall Rule Update During Attack

Implementation of Multi-Factor Authentication (MFA)

Adding User to a Standard Group

Unplanned termination of IT Admin Role