Despite increased awareness of security threats to financial data such as cardholder information, the frequency of data breaches doesn't appear to be slowing down. Some of the more well-known cardholder data breaches occurred over recent years at Adobe, Target, Neiman-Marcus, Target, and Home Depot. Target reported that around 40 million card numbers were stolen, but it's suspected that the actual number was much higher. Securing such data requires strong enforcement and begins a the top of the organization. Senior management either gets it or they don't. In this video we cover the sources of attacks, the various types, and policies and procedures to thwart them. Attacks can originate either internally or externally. Most attacks occur from external sources (64%), but internal attacks are still a large area of concern. Where external attacks are most often malicious, internal ones can also be unintentional and the result of carelessness or ignorance. Stolen laptops, scams, and social engineering are the most common exploits from within. The information, or more accurately, the assets that require protecting consists of the standard credit card information such as card number, expiration date, and security code. Protecting this data comes under the umbrella of risk management, which consists of risk assessment, risk analysis, and risk mitigation. We'll discuss these particular processes in more detail in the other videos in this module.