ABSTRACT
In a holistic view, information security is a triad of people,
process, and technology. Appropriate technology must be
combined with management support, understood require-
ments, clear policies, trained and aware users, and plans
and processes for its use.While the perimeter is traditionally
emphasized, threats from inside have received less attention.
Insider threats are potentially more serious because an insi-
der already has knowledge of the target systems. When
dealing with insider threats, people and process issues are
paramount. Also, too often, security measures are viewed as
a box to install (technology) or a one-time review. Security
is an ongoing process, never finished.
