4: Case Studies
The exposure in this case relates to both sensitive
data files and PCI DSS assets, which were left open
to a high potential of unauthorised access and
abuse. For the data that was ported to a common
Cloud-based platform, the implicit risk of such an
exposure increases, as there are other ways to
access it.
Taking into account the cost of corrective action and
the ramifications of adverse press, the financial
impact was likely high. However, while data was
exposed and the standards fell far short of what is
stipulated in the Data Protection Act and PCI DSS,
the situation was never dealt with and was allowed to
continue, meaning the actual associated financial
implication was zero.
In conclusion, there ...