Certified Chief Information Security Officer (CCISO) — Question 113
What role should the CISO play in properly scoping a PCI environment?
Answer options
- A. Complete the self-assessment questionnaire and work with an Approved Scanning Vendor (ASV) to determine scope
- B. Work with a Qualified Security Assessor (QSA) to determine the scope of the PCI environment
- C. Validate the business units' suggestions as to what should be included in the scoping process
- D. Ensure internal scope validation is completed and that an assessment has been done to discover all credit card data
Correct answer: D
Explanation
The correct answer is D. PCI DSS places responsibility for scope on the assessed entity, not on its assessors: the entity must identify every system component that stores, processes or transmits cardholder data, or that can affect the security of the cardholder data environment (CDE), and confirm that scope at least once every 12 months (PCI DSS v4.0, Requirement 12.5.2). The CISO's role is to make sure this internal scope validation actually happens and that it is backed by a data discovery exercise, because scope is only as accurate as the organisation's knowledge of where card data lives; undocumented spreadsheets, application logs and backups holding PANs are a common reason a declared scope turns out to be wrong. Option A is weak on both counts: a self-assessment questionnaire is only available to merchants eligible to self-assess, and an ASV scan tests externally facing systems for vulnerabilities but does not discover where cardholder data is stored. Option B describes the QSA's job, which is to validate the scope the entity presents; a QSA cannot validate a scope the entity has never established. Option C takes the business units' suggestions at face value instead of verifying them against a discovery of the data.
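To make the "discovery of all credit card data" in option D concrete, here is an added example (not part of the exam material and not a PCI Council tool) of the core of a cardholder-data discovery pass: it extracts 13 to 19 digit candidates, discards those that fail the Luhn check, classifies the survivors by well-known issuer prefixes, masks them in the report, and derives which systems must therefore be in scope. The records, file names and system names are constructed for the example; the PANs are the publicly documented brand test numbers, which pass Luhn like real cards.

```python
"""Minimal cardholder-data discovery for PCI scope validation (added example)."""
from __future__ import annotations
import re

# Constructed sample data: a CRM export, an application log, an HR file and a
# billing archive. The 16- and 15-digit numbers are published test PANs, not
# real card data; the HR number is a 16-digit value that fails Luhn.
SAMPLE_RECORDS = {
    "crm/export.csv": "id,name,note\n1,Alice,called about order 4111111111111111\n2,Bob,ok\n",
    "logs/app.log": "2024-01-01 payment ok card=5555-5555-5555-4444 amount=19.99\n",
    "hr/ids.txt": "employee 1234567890123456 badge\nphone 4155551234\n",
    "billing/archive.txt": "ref 3782 822463 10005 settled\n",
}

# 13 to 19 digits, optionally separated by single spaces or hyphens, not
# embedded in a longer digit run.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters most non-PAN digit runs (IDs, phone numbers)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def brand(digits: str) -> str:
    """Classify by widely published issuer prefix ranges (assumed sufficient here)."""
    n = len(digits)
    two, four = int(digits[:2]), int(digits[:4])
    if digits[0] == "4" and n in (13, 16, 19):
        return "Visa"
    if n == 16 and (51 <= two <= 55 or 2221 <= four <= 2720):
        return "Mastercard"
    if n == 15 and two in (34, 37):
        return "American Express"
    return "unknown"


def mask(digits: str) -> str:
    """Report only the last four digits; the finding itself must not become CHD."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_records(records: dict) -> list:
    """Return one finding per Luhn-valid PAN: location, brand, masked value."""
    findings = []
    for location, text in records.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            for m in CANDIDATE.finditer(line):
                digits = re.sub(r"[ -]", "", m.group(0))
                if not luhn_ok(digits):
                    continue
                findings.append({
                    "location": f"{location}:{lineno}",
                    "brand": brand(digits),
                    "masked": mask(digits),
                })
    return findings


def in_scope_systems(findings: list) -> list:
    """Any system holding a PAN is in the CDE; here the first path segment is the system."""
    return sorted({f["location"].split("/")[0] for f in findings})


if __name__ == "__main__":
    found = scan_records(SAMPLE_RECORDS)
    for f in found:
        print(f"{f['location']}: {f['brand']} {f['masked']}")
    print("systems that must be in PCI scope:", in_scope_systems(found))
```

The output is the evidence the CISO should be asking for: the billing, CRM and log systems hold PANs and belong in scope regardless of what the business units assumed, while the HR file is a false positive that Luhn filtering removes. A production discovery run would add tokenised and encrypted stores, database columns, backups and message queues to the inputs, and would use the masked report, never the raw PANs, as its artefact.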