CompTIA Security+ (SY0-601) — Question 374
An information security officer at a credit card transaction company is conducting a framework-mapping exercise with the internal controls. The company recently established a new office in Europe. To which of the following frameworks should the security officer map the existing controls? (Choose two.)
Answer options
- A. ISO
- B. PCI DSS
- C. SOC
- D. GDPR
- E. CSA
- F. NIST
Correct answer: B, D
Explanation
The correct answers are B (PCI DSS) and D (GDPR). PCI DSS is the standard that organizations handling credit card transactions must follow to protect cardholder data, so it applies directly to this company. GDPR sets the legal framework for data protection and privacy in Europe, which the new European office brings into scope. The other options are general-purpose frameworks that neither focus specifically on payment card data nor apply directly to the European regulatory environment.