Your company has an e-commerce site that is publicly accessible over the Internet. The e-commerce site accepts credit card information from a customer and then processes the customer’s transaction. Which standard or law would apply for this type of data?
A. The Economic Espionage Act of 1996
B. PCI DSS
C. Basel II
D. SOX
The correct answer is B.
The Payment Card Industry Data Security Standard (PCI DSS) applies to any entity that transmits, stores, or accepts credit card data. This is a private sector standard and not a law.
The Economic Espionage Act of 1996 protects companies from industry or corporate espionage, and specifically addresses technical, business, engineering, scientific, or financial trade secrets.
Basel II is an accord that went into effect in 2006. This accord affects financial institutions. Its three main pillars are as follows:
- Minimum Capital Requirements — determines the lowest amount of funds that a financial institution must keep on hand.
- Supervision — ensures oversight and review of risks and security measures.
- Market Discipline — requests members to disclose risk exposure and to validate market capital.
The Sarbanes-Oxley (SOX) Act of 2002 was written to prevent companies from committing fraud by knowingly providing inaccurate financial reports to shareholders and the public. It is mainly concerned with corporate accounting practices. Section 404 of this act specifically addresses information technology.