ABSTRACT
In a holistic view, information security is a triad of people, process, and technology. Appropriate
technology must be combined with management support, understood requirements, clear policies,
trained and aware users, and plans and processes for its use. While the perimeter is traditionally
emphasized, threats from inside have received less attention. Insider threats are potentially more serious
because an insider already has knowledge of the target systems. When dealing with insider threats, people
and process issues are paramount. Also, too often, security measures are viewed as a box to install
(technology) or a one-time review. Security is an ongoing process, never finished.
