Indeed, the problem identified above is the very technical capabilities of those designing these technical security measures, and thus any security measure could likely be overridden with a fair amount of ease by these individuals (ITSP, 2005). Human resource control must also be implemented as a security measure, then, and this is done not through technology but rather through policy. A comprehensive and detailed information policy produced b the SANS Institute (2012) lists quite clearly the responsibilities and prohibitions of all employees in regards to information access, transmission, and utilization, covering far more than the issue being examined here. There are also policies for the control of information security personnel, however, and guidelines for executives and managers to control risks and exposures as a result of employee malice or avarice (SANS Institute, 2012). Simple procedural elements such as separating the work of various...

In the information age, however, they seem to multiple more rapidly than ever before. Proper safeguards -- and guards for the guards -- are necessary in order to maintain sensitive information appropriately and prevent enterprise risk.
References

ITSP. (2005). Every business has information security problems. Accessed 11 March 2012. http://www.it-observer.com/every-business-has-information-security-problems.html

SANS Institute. (2012). Information sensitivity policy. Accessed 11 March 2012. http://www.sans.org/security-resources/policies/Information_Sensitivity_Policy.pdf