Given the volume of sensitive information collected and used by organizations to carry out their functions, it is almost inevitable that at one time or another a loss of control of such information will occur. Even though preventative activities based on the results of risk assessments and general best practices can lower the number of such incidents, not all incidents can be prevented, and no information security policies or safeguards will guarantee total protection of information and systems.

Despite efforts at identifying ...