We've conducted a piece of research with 500 IT decision makers in the UK and US to better understand their attitudes to insider threat, as well as how well set up they are to manage it.
The report suggests that many IT professionals are complacent about the issues of internal security. Among those IT professionals using Microsoft Active Directory, 55% believe that the directory service has no security loopholes, while 86% believe their user access policy is effective. This is despite the fact that Active Directory provides only basic security measures, allowing concurrent user logins and offering very limited functionality for monitoring and controlling network access.
“That said, any approach to tackling insider threats must address the cultural issue too; systems must be defended with security policies and staff must understand those. The problem of relying on a policy alone is that it relies on humans, and unfortunately humans make mistakes and forget things! Again, technology can help here by use of automated warnings via the security software to the user.”
Have a look at the report (it's free!) and let me know your thoughts on Active Directory and Insider Threats.
Linky: http://www.isdecisions.com/insider-threats-manifesto/