Bill has been hired as a penetration tester and cybersecurity auditor for a major credit card company. Which information security standard is most applicable to his role?
In CEH v13 Module 01: Information Security Governance, PCI-DSS (Payment Card Industry Data Security Standard) is introduced as the mandatory compliance framework for organizations handling credit card transactions.
PCI-DSS Requirements Include:
Encrypting cardholder data.
Maintaining secure systems and applications.
Regular vulnerability testing and audits.
Restricting access to sensitive data.
Option Clarification:
A. FISMA: Applies to U.S. federal information systems.
B. HITECH: Related to health information privacy and HIPAA.
C. PCI-DSS: Correct for credit card companies and merchant environments.
D. SOX (Sarbanes-Oxley): Focuses on financial reporting, not card data.
Reference: Module 01 – Compliance Standards: PCI-DSS Overview; CEH eBook: Security Regulations in the Financial Sector.