CISSP · Question #489
An organization is required to comply with the Payment Card Industry Data Security Standard (PCI-DSS), what is the MOST effective approach to safeguard digital and paper media that contains cardholder
The correct answer is C. Mandate encryption of cardholder data.. The most effective approach to safeguard digital and paper media that contains cardholder data is to mandate encryption of cardholder data. Encryption is a process of transforming data into an unreadable form using a secret key or algorithm, so that only authorized parties can ac
Question
Options
- AUse and regularity update antivirus software.
- BMaintain strict control over storage of media
- CMandate encryption of cardholder data.
- DConfigure firewall rules to protect the data.
How the community answered
(25 responses)- A8% (2)
- B4% (1)
- C76% (19)
- D12% (3)
Explanation
The most effective approach to safeguard digital and paper media that contains cardholder data is to mandate encryption of cardholder data. Encryption is a process of transforming data into an unreadable form using a secret key or algorithm, so that only authorized parties can access or modify the data. Encryption protects the confidentiality, integrity, and availability of cardholder data, which is any personally identifiable information associated with a cardholder, such as name, account number, expiration date, or security code. Encryption also helps to comply with the Payment Card Industry Data Security Standard (PCI-DSS), which is a set of requirements and guidelines for ensuring the security of payment card transactions and data. PCI-DSS requires that cardholder data must be encrypted when stored or transmitted over public networks, and that encryption keys must be protected and managed securely. Using and regularly updating antivirus software, maintaining strict control over storage of media, and configuring firewall rules to protect the data are also good practices to safeguard cardholder data, but they are not as effective as encryption, as they may not prevent unauthorized access or modification of the data, or they may not apply to all types of media or scenarios.
Topics
Community Discussion
No community discussion yet for this question.