Your application needs to process credit card transactions.
You want the smallest scope of Payment Card Industry (PCI) compliance without compromising the ability to analyze transactional data and trends relating to which payment methods are used.
How should you design your architecture?
Click on the arrows to vote for the correct answer
A. B. C. D. E.A.
https://www.sans.org/reading-room/whitepapers/compliance/ways-reduce-pci-dss-audit-scope-tokenizing-cardholder-data-33194To minimize the scope of Payment Card Industry (PCI) compliance while still being able to analyze transactional data and trends, the best design approach is to use tokenization and network isolation.
Option A, "Create a tokenizer service and store only tokenized data," is the correct answer. Tokenization involves replacing sensitive data with a randomly generated token, which can then be stored and analyzed without compromising the security of the original data. By tokenizing credit card data, the application can analyze transactional data and trends without having to worry about PCI compliance for the actual credit card data.
Option B, "Create separate projects that only process credit card data," is not the best approach as it would require creating multiple projects and duplicating the necessary components for each project. This can lead to higher costs and management complexity.
Option C, "Create separate subnetworks and isolate the components that process credit card data," is also a good option. By isolating the components that process credit card data into their own subnetworks, the risk of a security breach or unauthorized access to sensitive data is reduced.
Option D, "Streamline the audit discovery phase by labeling all of the virtual machines (VMs) that process PCI data," is not a comprehensive solution to minimize PCI compliance scope. Labeling VMs can help with auditing, but it does not provide a complete solution for protecting sensitive data.
Option E, "Enable Logging export to Google BigQuery and use ACLs and views to scope the data shared with the auditor," is not the best approach as it still requires PCI compliance for the actual credit card data. Logging export to BigQuery can provide valuable insights into transactional data and trends, but it is not a complete solution for minimizing the PCI compliance scope.
In summary, the best approach is to use tokenization to replace sensitive credit card data with randomly generated tokens, allowing the application to analyze transactional data and trends without having to worry about PCI compliance for the actual credit card data. Additionally, isolating the components that process credit card data into their own subnetworks can further reduce the risk of security breaches or unauthorized access.