handling the truth

Security is about protecting someone or something from someone or something.

Information Security does not exist in a vacuum. There is a context.

For intentional threat sources, the context is the motive behind an attack. As an example, consider an orchestrated release of correct information which was obtained without authorization. It is of course a breach of confidentiality. But that's just the means. The real attack involves releasing information as a projectile. Can your organisation handle the truth?