Which statement accurately reflects the responsibility for monitoring and controlling all access to data?


Multiple Choice

Which statement accurately reflects the responsibility for monitoring and controlling all access to data?

Explanation:
The key idea is that information security management owns the authority and accountability for access control. It establishes and enforces the policies that determine who can access data, under what conditions, and with what level of access. This includes creating and maintaining access control procedures, provisioning and revoking user access, enforcing least privilege, and monitoring access activity through logs and authentication controls. External auditors assess and verify that these controls exist and are effective, but they do not bear day-to-day ownership of the controls. The IT help desk might perform routine tasks such as password resets or access provisioning requests, but the overarching responsibility to monitor and control access rests with information security management. The option stating that access control isn’t required is incorrect, since PCI DSS requires strict access controls to protect cardholder data.

