When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?
A . How many credit records are stored?
B . What is the value of the assets at risk?
C . What is the scope of the certification?
D . How many servers do you have?

Answer: C

When an organization claims it is secure because it is PCI-DSS certified, what is a good first question to ask towards assessing the effectiveness of their security program?

Author

Leave a Reply Cancel reply