PCI DSS Fundamentals Exam
A Sustainable Compliance Program must:
Correct answer: Be implemented into business-as-usual (BAU) activities as part of the organization's overall security strategy.

True or False: The driving objective behind all PCI DSS compliance activities is to attain a compliant report.
Correct answer: False. Ongoing security of cardholder data is the driving objective, which will lead to a compliant report.

An effective metrics program can provide useful data for:
Correct answer: Allocation of resources to minimize risk occurrence and measure the business consequences of security events.

Security goals should include:
Correct answer: Continuous monitoring, testing, documenting implementation, effectiveness, efficiency, impact, and status of controls and activities.

Control-failure response processes should include:
Correct answer: Minimizing the impact of the incident, restoring controls, performing root-cause analysis and remediation, implementing hardening standards and enhancing monitoring.

True or False: 3rd party providers are monitored by issuers.
Correct answer: False. Organizations should develop and implement processes to monitor the compliance status of their service providers to determine whether a change in status requires a change in the relationship.

True or False: Organizations should evolve their controls with the threat landscape, changes in organizational structure, new business initiatives, and changes in business processes and technologies.
Correct answer: True. Evolving security reduces the negative impact on an organization's security posture.

How can organizations prevent "fall-off" between assessments?
Correct answer: Develop a well-designed program of security controls and monitoring practices.
Written for
- Institution: PCI DSS Fundamentals
- Course: PCI DSS Fundamentals
Document information
- Uploaded on: March 21, 2024
- Number of pages: 8
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Unknown