Certified Chief Information Security Officer (CCISO) — Question 163
Scenario: An organization has made a decision to address Information Security formally and consistently by adopting established best practices and industry standards. The organization is a small retail merchant but it is expected to grow to a global customer base of many millions of customers in just a few years. This global retail company is expected to accept credit card payments.
Which of the following is of MOST concern when defining a security program for this organization?
Answer options
- A. Adherence to local data breach notification laws
- B. Compliance with Payment Card Industry (PCI) data security standards
- C. Compliance with local government privacy laws
- D. International encryption restrictions
Correct answer: B
Explanation
The correct answer is B because compliance with Payment Card Industry (PCI) data security standards is essential for any organization that handles credit card transactions, since those standards define how customer payment information must be protected. Local data breach notification laws, privacy regulations, and encryption restrictions are still important, but for a merchant whose business depends on accepting card payments they are secondary to the specific PCI requirements, which directly determine whether the organization can process payments securely.