Security Incident vs Breach

Information security has three core values that need to be protected, known as the CIA triad:

  • Confidentiality of the Information: only those with a need to know have access.
  • Integrity of the Information: the data is not altered or destroyed and is otherwise accurate for the authorized users.
  • Availability of the Information: authorized users have access when needed.

When we see evidence that one or more of these three principles has been violated, there is an information security incident. Once a potential incident has been detected, we engage an incident response process to gather details about the incident and respond with any necessary remediation.

If, during the investigation, we further determine that information has left the control of our systems and been accessed and copied by unauthorized users, we now have a breach. A breach is a confirmed disclosure of information to an unauthorized party: not just the potential for exposure, but a confirmed egress of the data.

Thus all breaches are security incidents, but not all incidents are breaches.