Your business has decided to add credit card numbers to the data it backs up to tape. Which of the following represents the best practice your business should observe?
A.
Do not back up either the credit card numbers or their hashes.
B.
Encrypt backup tapes that are sent off-site.
C.
Back up the hashes of the credit card numbers not the actual credit card numbers.
D.
Hire a security consultant to provide direction.
PDC DSS plays a major part in including Credit Card Numbers in backup data that is transported. PDC standards include "Protecting stored cardholder data. Encryption, hashing, masking and truncation are methods used to protect card holder data." Answer B does sound logical. However, consider this, Transporting credit card data adds another factor in protecting the backup data. Is encrypting really enough? https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
Its definitely B reason be that, for security purpose and safety, encrypting the drive and locking in a box while transporting makes it more secure and safe.
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
PT_Go_Hard_2
3 weeks agoczarul79
4 months ago_pasha
5 months, 1 week agoXipher
5 months, 2 weeks agoBiesio
7 months, 1 week agoMagicianRecon
7 months, 3 weeks ago