ISC2 CISSP Practice Question

The correct answer is the combination of PCI DSS and COBIT. The Payment Card Industry Data Security Standard (PCI DSS) is specifically designed for organizations that handle credit card information, making it essential for the financial institution's credit card processing operations. It provides detailed requirements for securing cardholder data. Control Objectives for Information and Related Technology (COBIT) is a framework that focuses on IT governance and management across the enterprise, offering a comprehensive approach to aligning IT with business objectives.

ISO 27001 is a good general security framework but doesn't specifically address payment card requirements like PCI DSS does. NIST CSF is more focused on cybersecurity and is often used in the US public sector. While SABSA is an excellent security architecture framework, it doesn't provide the specific payment card industry controls needed. FedRAMP is primarily for cloud services in U.S. government agencies and wouldn't be appropriate for a global financial institution's core operations.