Abstract
A secure information infrastructure is required to sustain competitive advantage. Despite creditable efforts, there are
visible failures of Information Security (IS). Breach data offers necessary relatively unbiased and robust feedback to
reveal what is overlooked for apt countermeasures and improved IS decisions. None of the previous works done
analyzing breach data critically examine the process of breach data capture and reporting system, and breach data
capture frameworks from a holistic perspective for improved substantive feedback, which this work addressed. A
model of breach data capture and reporting system was proposed through argumentation and a fluid iterative cycle of
awareness, suggestion, development, evaluation and conclusion. A breach data capture framework was proposed
through argumentation and examination of existing related frameworks, employing the fluid iterative cycle, while
fostering acceptability. The framework was evaluated in comparison with existing breach data capture frameworks.
The proposed model and framework are complimentary efforts for substantive feedback toward apt countermeasures
and improved IS decisions.
