A breach, in the context of information security, is a security event where the confidentiality, integrity, or availability of an information asset has been compromised. It’s often the result of a successful cyber attack or an internal mistake, leading to unauthorised access, disclosure, or destruction of information.
Types & Examples
- Data Breach: The most common type, involving the unauthorised exposure of sensitive information.
  - Example: A hacker gains access to a database and steals customer credit card numbers.
- Confidentiality Breach: Unauthorised disclosure of information.
  - Example: An employee accidentally emails a confidential report to a competitor.
- Integrity Breach: The unauthorised modification or destruction of data.
  - Example: A virus corrupts a company’s financial records, or an unauthorised user alters a patient’s medical history.
- Availability Breach: A disruption that makes information or systems unavailable.
  - Example: A distributed denial-of-service (DDoS) attack that takes down a company’s website, preventing customers from accessing online services.
Context
While the ISO 27001 standard itself doesn’t use the term “breach” as frequently as “incident,” a breach is a severe type of information security incident. The standard’s requirements for incident management planning (ISO 27001 Annex A 5.24 Information Security Incident Management Planning and Preparation), assessing incidents (ISO 27001 Annex A 5.25 Assessment And Decision On Information Security Events), responding to incidents (ISO 27001 Annex A 5.26 Response To Information Security Incidents) and learning from incidents (ISO 27001 Annex A 5.27 Learning From Information Security Incidents) are designed to help organisations prepare for, detect, and respond to breaches effectively, minimising their impact.