"When most people think of security monitoring, they think of external attackers breaking into systems, or they think of insider fraud. But there's a whole spectrum of monitoring cases that security groups have to deal with, and they're not all Threat Level Orange.
Sometimes the team is asked to investigate a suspicion of a suspicion -- to determine whether it's worth anyones time to dig further. Sometimes the "breach" is actually a turf war between departments, branch offices, or system administrators, when someone uses a root password that they werent supposed to have. And sometimes the monitoring is just for distasteful behavior that, strictly speaking, isnt security-related..."
Read More ...