CompTIA Security+ (SY0-601) — Question 397

A Chief Information Security Officer (CISO) needs to create a policy set that meets international standards for data privacy and sharing. Which of the following should the CISO read and understand before writing the policies?

Answer options

• A. PCI DSS
• B. GDPR
• C. NIST
• D. ISO 31000

Correct answer: B

Explanation

The General Data Protection Regulation (GDPR) is specifically designed to protect personal data and privacy for individuals within the European Union, making it essential for the CISO’s policy set. While PCI DSS focuses on payment card security, NIST provides cybersecurity frameworks, and ISO 31000 addresses risk management, none of these are specifically centered on data privacy like GDPR.