Certified Information Systems Security Professional (CISSP) — Question 360
Which of the following regulations dictates how data breaches are handled?
Answer options
- A. Payment Card Industry Data Security Standard (PCI-DSS)
- B. National Institute of Standards and Technology (NIST)
- C. Sarbanes-Oxley (SOX)
- D. General Data Protection Regulation (GDPR)
Correct answer: D
Explanation
The General Data Protection Regulation (GDPR) outlines strict requirements for data protection and breach notification, making it the correct answer. While PCI-DSS and NIST provide standards for security practices, they do not specifically dictate how data breaches must be handled. Sarbanes-Oxley (SOX) focuses on financial reporting and compliance rather than on data breaches.