Fun lessons from a recent HIPAA-related insider attack, PHI deletion and other fun stuff as well as subsequent prosecution reported on this blog.
A log-related quote (which illustrates how logs are indispensable vs insider attacks): "3. Log the access of personnel with authorized access to sensitive data and systems. [A.C. - a true no-brainer, right? Go to a typical organization and see lots of people who don't log - does it mean they all lack brains? :-)] [...] No one individual should be controlling the entire network and data resources. If this is the situation, there should be another position, outside the individual's area, logging and monitoring the individual's activities."