🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional118 / 129
Question 118 of 129
A financial services company is designing its annual security assessment strategy. The security team must decide how frequently to test each system category. The core payment processing platform is subject to PCI DSS, changes rarely, and handles the highest transaction volume. Executive management wants the assessment strategy to be defensible and aligned with both risk and compliance obligations, without wasting resources on low-value testing. Which approach should the team adopt when defining the assessment schedule for the payment platform?
Reviewed for accuracy · Report an issueNext question