Obtaining Customer Agreement in Planning the Technical Effort

B.

The task that obtains the customer agreement in planning the technical effort would typically be Task 10 in the Information Systems Security Engineering Professional (ISSEP) process.

Task 10 is called "Develop Security Engineering Plans and Procedures." In this task, the security engineering team develops a set of plans and procedures to guide the implementation of security measures for the system or application being developed. The plans and procedures take into account the system's security requirements and the customer's needs and expectations.

As part of the development of these plans and procedures, the security engineering team will typically engage with the customer to ensure that their requirements and expectations are met. This engagement will involve obtaining customer agreement on the technical effort required to implement the security measures, including any trade-offs that may need to be made between security and other system requirements.

Tasks 8 and 9 are also related to planning and requirements gathering, but they do not specifically address the customer agreement on the technical effort required. Task 8 is "Develop Security Requirements Traceability Matrix," which involves developing a matrix that maps system requirements to security requirements. Task 9 is "Develop Security Architecture," which involves developing a security architecture for the system.

Task 11, "Develop Security Test and Evaluation Plans," is related to testing and evaluating the effectiveness of the security measures that have been implemented. While customer agreement may be sought during this task, it is not specifically focused on obtaining customer agreement in planning the technical effort.

Therefore, the most appropriate answer to the question is D, Task 10, "Develop Security Engineering Plans and Procedures."