Certified Information Security Manager (CISM) — Question 399
When developing security processes for handling credit card data on the business unit's information system, the information security manager should FIRST:
Answer options
- A. ensure that systems that handle credit card data are segmented.
- B. review industry best practices for handling secure payments.
- C. ensure alignment with industry encryption standards.
- D. review corporate policies regarding credit card information.
Correct answer: D
Explanation
The correct answer is D because understanding corporate policies is crucial before implementing any security measures. Reviewing them first ensures that the new processes align with existing guidelines and regulations. Options A, B, and C, while important, should come after the review of internal policies, to guarantee compliance and coherence with organizational standards.