$0.00M
Average data-breach cost.
Source · IBM Cost of a Data Breach Report 2024
04 · Practice
Confidential Information Discovery & Removal
Exogenous Exposure Intelligence (EEI) to identify, recover, and eliminate externally exposed confidential data across the global information ecosystem.
ISRM operates beyond the perimeter — identifying and controlling sensitive information once it has left your internal environment.
§02 · EEI Context
What is a confidential information leak?
Confidential information leakage refers to the unintended or uncontrolled propagation of sensitive internal data outside organisational boundaries into external systems, platforms, or networks.
Within EEI, this is not viewed as a perimeter failure, but as an inevitable byproduct of complex, interdependent systems and human interaction.
Operating axiom · ISRM/EEI
“Entropy creates black swan events, and single points of failure across interlinking systems make confidential information leakage a question of when and where — not if.”
§03 · Vectors of egress
How does information leak?
No single vector explains exposure. The set is heterogeneous, overlapping, and continuously expanding alongside the platforms it passes through.
- V01Misrouted communicationsemail sent to the wrong recipient
- V02Lost or stolen physical mediaUSB drives, laptops, printed documents
- V03Third-party / vendor compromisemishandling of shared data
- V04Misconfigured cloud storagepublicly exposed databases
- V05Credential reuse across breached platformscompounded by external dataset overlap
- V06Insider actionsintentional or accidental
- V07Compromised email infrastructureSMTP interception or relay compromise
- V08Indexed by AI systemsscraped into external training datasets
- V09Paste sites & underground forumsdata-sharing communities
- V10Archived / cached versionssensitive data persisting online
- V11Data brokersaggregating & reselling internal fragments
Inevitability is the design constraint. Each vector is independently low-probability and collectively certain. EEI assumes egress as a steady state, not an exception, and operates as the recovery layer beyond it.
§04 · Intelligence Category I
Internal documents
What ISRM recovers under this category — business-relevant artefacts, not exhaustive enumeration.
- D · 01Strategic documentsinternal reports, planning materials
- D · 02Financial records and projectionsP&L, forecasts, board-level financial commentary
- D · 03Legal & contractual documentationprivileged drafts, executed agreements, dispute artefacts
- D · 04Operational data & internal communicationsprocess documentation, internal correspondence
- D · 05Proprietary methodologies & IPresearch, source material, internal product systems
These documents often surface in fragmented or complete form across external platforms. EEI focuses on locating, correlating, and contextualising these artefacts — not merely cataloguing their presence.
§05 · Intelligence Category II
Internal credentials
ISRM identifies exposed credentials that are not intended for public access. These often correspond to internal authentication infrastructure — and the realised cost of failure is documented.
Exhibit · 05A · scope of credential exposure
| Surface | Public | Internal |
|---|---|---|
| Public login systems (SaaS, webmail) | In scope | Not in scope |
| Intranet-only authentication credentials | Not in scope | In scope |
| Internal portals & gateway access points | Not in scope | In scope |
| Privileged or operational accounts | Not in scope | In scope |
Internal credentials, when externally exposed, do not behave like public-login leaks. They map onto operational infrastructure where access controls, segmentation, and audit assumptions were never designed for adversaries already holding the key.
Exhibit · 05B · realised cost of credential control failure
0%
of SMBs close within six months of a breach.
Source · National Cyber Security Alliance
$0.0M+
Average operational loss per day of downtime.
Source · Sophos State of Ransomware 2023
These figures reflect not theoretical risk, but the realised cost of credential control failure.
§06 · Operations · Signature exhibit
Data removal & erasure operations
A four-stage procedure executed under instrument-of-erasure: jurisdictionally mapped, legally instrumented, multilaterally enforced, and continuously monitored.
Writ · ISRM/EEI/RM-04Case · CONF-DISC / removal procedureActive
01 · MapJurisdictional Mapping
02 · InstrumentLegal Action Framework
03 · EngageEnforcement & Engagement
04 · MonitorRecurrence Control
01Jurisdictional Mapping
Identify controllers & jurisdictions
- Identify data controllers hosting or distributing the confidential information.
- Map relevant regional data protection authorities and legal jurisdictions.
02Legal Action Framework
Instrument formal legal action
- Execute formalised action against data controllers using applicable legislation.
REGGDPR · Right to ErasureUKDPA 2018EUTrade Secrets · 2016/943∴jurisdiction-specific frameworks
03Enforcement & Engagement
Direct engagement with hosts & intermediaries
- Direct engagement with hosting entities, platforms, and intermediaries.
- Multi-channel escalation where required.
04Recurrence Control
Continuous re-discovery & re-removal
- Continuous monitoring across: open web · deep web · paste sites · forums · data brokers · AI-indexed environments.
- Re-initiate removal workflows upon reappearance of the same data artefact.
§07 · Surface coverage
Where we operate
Exposure is layered. Our intelligence operates across the full strata of the externalised information ecosystem.
Open Web
Indexed, cached, and crawlable surface — search engines, public repositories, news, social platforms.
Deep & Semi-Closed Networks
Forums, communities, and paste-site adjacencies operating below standard search indexing.
Data Brokerage Ecosystems
Resold and aggregated datasets — internal fragments re-packaged across commercial intermediaries.
AI Indexing Layers
Training corpora and embedding indexes where confidential text persists as latent recall.
Archival & Cached Data Systems
Time-shifted artefacts — cached pages, archive snapshots, dormant mirrors of since-removed source material.
Exposure is not confined to a single layer — neither is our intelligence capability.
§08 · Cross-sector application
EEI in context — by sector
The exposure surface differs by mandate. The discipline does not.
Government
Sensitive internal communications and classified data handling exposures.
Finance
Transactional data, internal reporting, credential exposure.
Healthcare & Pharma
Patient data, research, regulatory documents.
Legal
Case files, privileged communications.
Technology
Source code, internal systems, proprietary frameworks.
Logistics & Enterprise
Operational data, supply-chain intelligence.
§09 · Long-term partnership
Confidential information exposure is continuous — not one-time.
ISRM provides ongoing discovery, control, and removal — operating as your standing exogenous intelligence function.