"Breach" comes doen from middle English, and it didn't originally mean "hack into a computer system and steal data". Peter's take is that an unauthorized part broke through at least one layer of defense, and that is certainly something to be concerned about. And I'd call that at least a "partial" breach. Clearly there's a difference between that and routine exposure through normal processing. Also clear is that if the malefactor is prevented from their ultimate goal, then that is *not* a "complete" breach...
Say a bank robber breaches the front door of a bank in the middle of the night, but can't open the safe. Certainly much better than if he had, but the bank doesn't just ignore the incident. One of the tenets of "defense in depth" is that you react to partial failures (breaches) to help prevent a total failure (breach) later. Anyway for legal purposes, one would need to see and abide by the definition used by the authorities involved. I think this is why scientists and lawyers like to use Latin. English is for poetry. sas On Thu, Sep 14, 2017 at 1:39 AM, Timothy Sipples <sipp...@sg.ibm.com> wrote: > Peter Relson wrote: >>Isn't the answer really: no, it would not have prevented the breach but it >>would have prevented the breach from having the undesirable effects (e.g., >>exposing sensitive data)? > ... > > In my view, your definition is not what most people mean with the word > "breach." I agree with most people. I don't think a hyper technical > definition is too useful here, and it could easily be misleading and take > precious focus off what the planet really needs. If your definition of > "breach" holds, then you have to clarify why sending sensitive data over a > properly encrypted VPN connection, or discarding/recycling a properly > encrypted and physically intact disk or tape, is not a "breach." ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
