Overview[1]#

Real Risk are Risks about Access Control to Protected Resources

Things like customer and personal data, credit Card information, employee data, and access to processes like the recent Iranian nuclear processing centrifuges that were hacked into and then stopped and started over and over until they blew up.

For Real Risk Regulatory compliance and Standard compliance processes are not enough. Real Risk about Data Protection and the Magnitude of the Potential loss is far greater than just a fine.

Real Risk could be any of the following:

• financial damage which could be caused by: * Reputational damage * brand image * Regulatory compliance by way of fines
• Criminal action will may all have a high Magnitude of the Potential loss the company.

Real Risk For Organizational Entity#

PCI SSC Such standards help ensure healthy and trustworthy payment Card transactions for the hundreds of millions of people worldwide that use their cards every day.

Potential Liabilities for Organizational Entity Real Risk:

• Lost confidence, so customers go to other merchants
• Diminished sales
• Cost of reissuing new Payment Cards
• Fraud losses
• Higher subsequent costs of Compliance
• Legal costs, settlements and judgments
• Fines and penalties
• Termination of ability to accept Payment Cards
• Lost jobs (CISO, CIO, CEO and dependent professional positions)
• Going out of business

Hackers want Cardholder Data and will go to tremendous Attack Effort to get it. !! More Information There might be more information for this subject on one of the following:

• Criminal action
• Financial damage
• Regulatory Risk
• Risk
• Risk Assessment
• Threat Model

---

• [#1] - Real vs. Regulatory Risk - based on information obtained 2016-05-04