Last year, for the city of San Francisco locked up a crucial network for days by resetting administrative passwords.

In other cases, compromises have resulted when those with privileged access to corporate data and systems try to illegally profit from it. In July 2007, was found to have stolen personal records on more than 8.5 million customers. And in November 2006, a admitted to stealing trade secrets worth US$400 million from the company just before joining a rival.

Security analysts concede that dealing with such threats for companies and typically require the implementation of controls for monitoring and filtering network traffic, strict . Perhaps most important, the analysts said, is the need for a separation of duties among those who have wide-ranging control and access to critical IT assets, such as database, system and network administrators.