312-50V11 · Question #950
Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his role?
The correct answer is C. PCI-DSS. PCI-DSS is the mandatory security standard governing penetration testing and audits for organizations that handle payment card data.
Question
Bill has been hired as a penetration tester and cyber security auditor for a major credit card company. Which information security standard is most applicable to his role?
Options
- AFISMA
- BHITECH
- CPCI-DSS
- DSarbanes-OxleyAct
How the community answered
(25 responses)- A4% (1)
- C92% (23)
- D4% (1)
Why each option
PCI-DSS is the mandatory security standard governing penetration testing and audits for organizations that handle payment card data.
FISMA (Federal Information Security Management Act) applies to U.S. federal government agencies and their contractors, not to private-sector credit card companies.
HITECH governs the security and privacy of electronic protected health information in the healthcare sector, not payment card data.
PCI-DSS (Payment Card Industry Data Security Standard) was established by the major card brands and explicitly requires regular penetration testing and security audits for any entity that processes, stores, or transmits cardholder data. As an auditor and penetration tester at a credit card company, Bill's entire engagement scope is defined and mandated by PCI-DSS requirements. No other listed standard specifically addresses payment card security obligations.
The Sarbanes-Oxley Act mandates financial reporting controls and corporate governance for publicly traded companies but does not specifically address payment card data security or penetration testing requirements.
Concept tested: PCI-DSS applicability to payment card security auditing
Source: https://www.pcisecuritystandards.org/document_library/
Topics
Community Discussion
No community discussion yet for this question.