Although most of the information security business seems centered on detecting and intercepting external attacks, dishonest insiders pose a more subtle threat.
A valuable introduction to this topic is the May 3, 2006 webcast entitled “Wednesday Webcast: Web Application Security” on the SANS webcast archive page at
https://www.sans.org/webcasts/archive.php