This chapter includes the following topics:
Most security organizations devote the majority of their time, attention, and resources to putting defenses in place to keep “the bad guys” out. But the ongoing need to protect against outside attackers makes it easy for organizations to lose sight of another, even more potent threat to security: the bad guys from within. Understanding which assets should be protected and who should be allowed to access them is also a complex undertaking often overlooked in the enterprise.
Industry analysts estimate that 70 to 80 percent of security breaches are caused by insiders.1 Sometimes, ...