Return to course: Requirement 12: An overview of the Information Security Policy and Supporting Security Policies and Programs
Previous Lesson
Previous
Course Overview
Requirement 12: An overview of the Information Security Policy and Supporting Security Policies and Programs
Information Security Policy and Acceptable Use Policy
Requirement 12.1 and 12.2
Test your understanding of 12.1 and 12.2
Target Risk Analysis and PCI Compliance Program
Requirement 12.3 and 12.4
Test your understanding of requirements 12.3 and 12.4
Scope, Security Awareness Training, and HR Background Checks
Requirements 12.5, 12.6, and 12.7
Test your understand of 12.5, 12.6, and 12.7
Third Part Service Providers
Requirements 12.8 and 12.9
Test your understanding of requirements 12.8 and 12.9
Incident Response Plan
Requirement 12.10
Test your understanding of requirement 12.10
Test your understanding of requirement 12.10
Suspected and confirmed security incidents that could impact the CDE are responded to when the merchant feels it’s appropriate
*
True
False
An incident response plan includes
*
(A) Roles and responsibilities
(B) containment activities for different types of incidents
(C) contracts with vendors
(D) how to notify payment brands and acquirers of a suspected or confirmed security incident
(E) roll forward processes
(F) C and E only
(G) A and D only
(H) A, B, and D
All elements that must be in the incident response plan per 12.10.1 must be tested at least once every 12 months
*
True
False
Incident response coverage is staffed 24/7 by specific personnel
*
True
False
Incident responders are appropriately and periodically trained on their incident response responsibilities
*
True
False
Detection of unauthorized wireless access points would trigger the security incident response plan
*
True
False
The security incident response plan is static and never changes
*
True
False
By March 31, 2025, Merchants need to update their security incident response plan with the inclusion of a plan of action when PAN is discovered outside the CDE
*
True
False