A financial services firm provides users of high privilege accounts with weekly Self Audit reports in which all of their access and activity is given a risk-score. Without the unique context provided by the self audit report — machine learning risk scores combined with user visibility — the breach may have continued for several more years. Success depends on the ability to communicate the need for and create a company culture of partnership and transparency between users and the information security team. Too often, a companys information security function is viewed by users with suspicion and seen as Dr. No”]
Source: https://www.csoonline.com/article/3104540/security-by-the-people.html