
212-82 Question #155: Real Exam Question with Answer & Explanation

The correct answer is C: General Data Protection Regulation (GDPR) - European Union.

Submitted by jaden.t · Mar 6, 2026

Topic: Compliance & Legal Considerations for Cloud

Question

A global financial services firm is revising its cybersecurity policies to comply with a diverse range of international regulatory frameworks and laws. The firm operates across multiple continents, each with distinct legal requirements concerning data protection, privacy, and cybersecurity. As part of its compliance strategy, it is evaluating various regulatory frameworks to determine which ones are most critical to its operations. Given the firm's international scope and the nature of its services, which of the following regulatory frameworks should be prioritized for compliance?

Options

  • A. ISO 27001 Information Security Management System
  • B. ISO 27002 Code of Practice for information security controls
  • C. General Data Protection Regulation (GDPR) - European Union
  • D. NIST Cybersecurity Framework

Explanation

GDPR as the Priority Framework for International Financial Services

Why C is Correct: The General Data Protection Regulation (GDPR) is a legally binding law with extraterritorial reach - any firm handling EU citizens' data, regardless of where the firm is headquartered, must comply or face severe financial penalties (up to 4% of global annual revenue). For a global financial services firm operating across continents, GDPR represents the highest-stakes compliance obligation because it is a mandatory legal requirement, not a voluntary standard.

Why the Distractors Are Wrong:

  • A (ISO 27001) is a voluntary international certification standard for information security management - it demonstrates best practices but carries no legal penalty for non-compliance
  • B (ISO 27002) is simply a supplementary code of practice that provides guidance for implementing ISO 27001 controls - it is even further removed from legal obligation
  • D (NIST CSF) is a U.S.-developed voluntary framework primarily designed to help organizations manage cybersecurity risk - it has no binding legal authority internationally

Memory Tip: Think "R for Regulation = Real Penalties." GDPR is the only true Regulation among the choices - the others are frameworks, standards, or codes of practice. When a question asks about legal compliance across borders, prioritize binding laws and regulations over voluntary standards every time.

Topics

GDPR, Regulatory Compliance, Data Protection, International Law
