Keywords >> Retail. The only item tied specifically to "retail" is PCI DSS - as related to the protection of credit card payment transactions and the cardholder data.

D. Payment Card Industry Data Security Standards (PCI-DSS) Here's why: Option A: ITIL is a framework for IT service management, not a regulation. While it can be helpful in managing compliance processes, it doesn't directly dictate specific compliance requirements. Option B: NIST standards are broad and encompass various areas, including cybersecurity. However, they are not specific to retail companies or payment card data security. Option C: ISO standards also cover a wide range of areas, including some relevant to retail, like ISO 9001 for quality management. However, none directly address payment card data security like PCI-DSS does. Option D: PCI-DSS is a set of security standards specifically designed to ensure the safe handling of cardholder data by organizations that accept, transmit, or store payment card information. This directly applies to most, if not all, global retail companies that process customer payments.

PCI-DSS is the correct answer

The quality of this question could be enhanced by indicating that this global retail company accepts Credit Card. It doesn’t indicate anywhere in the question.

PCI-DSS is not a regulation as tnagy says. NIST is US based. It is a global company. The best answer is ISO.

NIST is enforced by regulations in the USA governmental bodies.

D is Correct, it is the only mandatory while the other are optional.