A technician discovers that a coworker is storing customer credit card information on a company server that is not compliant with the Payment Card Industry Data Security Standard (PCI DSS). What is the BEST immediate action the technician should take?
Delete the customer credit card information from the server to ensure it is not compromised.
Isolate the server from the network until the compliance issue is resolved.
Report the discovery to the appropriate management personnel according to the company's incident response procedures.
Immediately secure the credit card information with encryption to prevent unauthorized access.
The technician should immediately report the incident to their supervisor or the appropriate management personnel. Storing sensitive payment card information on non-compliant systems can result in significant security risks, data breaches, and non-compliance penalties. While securing the information is important, it is imperative first to report the incident following the company's incident response procedures prior to any other actions to ensure proper handling of the situation. Securing the data might still not be compliant with PCI DSS and could potentially tamper with evidence, while destroying the information might lead to loss of critical data needed for an investigation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is PCI DSS and why is it important?
Open an interactive chat with Bash
What are incident response procedures?
Open an interactive chat with Bash
Why is it important to report security incidents promptly?