Data Breaches

A data breach is a security incident within the field of cybersecurity where sensitive, protected, or confidential information is accessed, copied, transmitted, or stolen by an individual unauthorized to do so. As a fundamental concept in computer science, breaches occur when malicious actors exploit vulnerabilities in software, networks, or human behavior, often through methods like phishing, malware, or direct attacks on servers. The consequences of a successful breach can be severe, leading to identity theft for individuals, significant financial loss and reputational damage for organizations, and regulatory penalties for non-compliance with data protection laws.

1. Fundamentals of Data Breaches
   1. Defining a Data Breach
      1. Legal Definitions
      2. Technical Definitions
      3. Industry-Specific Definitions
      4. Distinction from Security Incident
         1. Characteristics of Data Breaches
         2. Characteristics of Security Incidents
         3. Overlap and Differences
      5. Core Components
         1. Unauthorized Access
            1. Methods of Gaining Unauthorized Access
            2. Indicators of Unauthorized Access
         2. Data Exfiltration
            1. Techniques for Data Extraction
            2. Detection of Data Exfiltration
         3. Data Disclosure
            1. Accidental Disclosure
            2. Intentional Disclosure
   2. Key Terminology
      1. Personally Identifiable Information (PII)
         1. Direct Identifiers
         2. Indirect Identifiers
         3. Sensitive PII
         4. Non-Sensitive PII
         5. Risks Associated with PII Exposure
      2. Protected Health Information (PHI)
         1. Definition and Examples
         2. Electronic PHI (ePHI)
         3. Regulatory Protections
      3. Confidential Information
         1. Business Confidential Data
         2. Trade Secrets
         3. Attorney-Client Privileged Information
      4. Threat Actor
         1. Internal Threat Actors
         2. External Threat Actors
         3. Threat Actor Capabilities
      5. Vulnerability
         1. Technical Vulnerabilities
         2. Process Vulnerabilities
         3. Human Vulnerabilities
         4. Vulnerability Lifecycle
      6. Exploit
         1. Zero-Day Exploits
         2. Known Exploits
         3. Exploit Development
         4. Exploit Kits
      7. Attack Vector
         1. Network-Based Vectors
         2. Physical Vectors
         3. Social Engineering Vectors
         4. Supply Chain Vectors
   3. Types of Data Targeted
      1. Financial Data
         1. Credit Card Information
         2. Bank Account Details
         3. Investment Records
         4. Tax Information
      2. Personal Identity Data
         1. Social Security Numbers
         2. Driver's License Information
         3. Passport Information
         4. Birth Certificates
      3. Health Records
         1. Medical Histories
         2. Prescription Information
         3. Insurance Information
         4. Mental Health Records
      4. Intellectual Property
         1. Patents and Designs
         2. Proprietary Algorithms
         3. Research and Development Data
         4. Source Code
      5. Government and State Secrets
         1. Classified Documents
         2. Diplomatic Communications
         3. Military Intelligence
         4. Law Enforcement Records
      6. Corporate Data
         1. Customer Lists
         2. Financial Reports
         3. Strategic Plans
         4. Employee Records