For years, the information security community has debated whether the threat of internal attack or external attack is of the greatest concern for organizations. Security practitioners have generally come to the conclusion that the volume of external attacks is far greater than internally-based attacks, simply due to the number of probes and attacks pounding their networks every day.
On the other hand, despite their smaller volume, inside attacks generally cause significantly more damage because the attackers already have access. Nowhere is this more applicable than with privileged users.
This paper explores some of the types of insider threats organizations face today and discusses monitoring and managing privileged user actions and the role this level of monitoring plays in today's compliance reporting efforts.