What should be done when unauthorized wireless access points are detected?

• A. Implement incident response procedures in the event unauthorized wireless access points are detected.
• B. Ignore unauthorized devices if they do not affect operations.
• C. Schedule a review in the next annual cycle.
• D. Escalate the issue but without predefined procedures.

Answer: (A)

When rogue wireless access points are found, you must follow a prepared incident response process. Detecting unauthorized devices is a security incident that can enable data exposure, so the organization should immediately activate its incident response plan and run through the defined steps: identify and contain the device, investigate the scope, eradicate the threat, recover systems, and communicate with appropriate stakeholders. Having predefined procedures ensures a fast, coordinated, and repeatable response, which reduces the risk to cardholder data and helps meet PCI DSS expectations. Ignoring the devices, delaying action for an annual review, or escalating without a formal plan all fail to provide the timely, structured response required to protect the environment.