Defining what constitutes a breach of information is not easy. Does only criminal activity constitute a breach? Is it only the things we read and hear about in the media, (such as the Army ‘losing’ data,) or does everything that causes damage count as a breach? These are practical questions, even though they may sound strange at first.

When establishing the roles, responsibilities, processes and technologies required in a company to assure information security, these questions can be answered with ease at the technical level. They start to become more complex once the differing views of affected departments come to light; and the situation is aggravated when the parties involved lose focus and start playing ...