Defining what constitutes a breach of information is not easy. Does only criminal activity constitute a breach? Is it only the things we read and hear about in the media (such as the army ‘losing’ data), or does everything that causes damage count as a breach? These are practical questions, even though they may sound strange at first.

When establishing the roles, responsibilities, processes and technologies required in a company to ensure information security, these questions can be answered with ease at the technical level. They start to become more complex once the differing views of affected departments come to light; and the situation is aggravated when the parties involved lose focus and start playing politics ...

Get Managing Information Security: Studies from real life now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.