A bank headquartered in Europe is under a penetration testing contract which involves testing their payment processing system. What should the penetration tester prioritize to ensure that the engagement aligns with industry-specific compliance requirements?
Focus solely on local country-specific cybersecurity legislation
Prioritize compliance with the General Data Protection Regulation (GDPR)
Ensure adherence to the Payment Card Industry Data Security Standard (PCI DSS)
A tester conducting a penetration test for a European bank must prioritize the Payment Card Industry Data Security Standard (PCI DSS) because it specifically relates to the security of payment processing systems. The GDPR focuses on the protection of personal data within the EU but does not specifically relate to payment card security standards. While the GDPR is important for overall data protection considerations, the PCI DSS is the leading standard that directly addresses the security measures required for payment processing systems, which is pertinent in this case.