The document discusses managing insider threats to data. It defines the insider threat as anyone with authorized access who could exploit that access. It identifies intentional, security avoidance, mistakes, and ignorance as reasons for insider threats. It recommends proactive protection of data through access controls, monitoring, segmentation, encryption and education to prevent data breaches from insiders. Technology solutions should be chosen based on past incidents and balanced with the security budget.