Information Security vs. Cybersecurity, Part 1
by Brent Kirkpatrick
(Date Published: 2/8/2018.)
This example would be a failure of cybersecurity, if your security policy strictly lists (or even implies) who should be allowed access. It is not a failure of information security, if only people on the allowed list accessed the data.
Do you trust your access logs? If you trust your access logs, you would rule this example a close call, but not a breach. If you do not trust your access logs, perhaps they were hacked or buggy, then you would rule this a breach.
What kind of security do you want?
defendIT (TM). AI-driven security measures derived from security incident data.