This memorandum focuses on the insider and the potential damage that such an individual could cause when targeting current information systems. It points out the various weaknesses (vulnerabilities) an insider might exploit and highlights approaches to solving these problems. In taking corrective action, it is necessary to consider technical and procedural steps in deterring the insider. Finally, it proposes, in priority order, recommendations to mitigate the threat posed by the insider. The approach is not to provide an exhaustive list, but rather offer recommendations that could have the greatest immediate return against this serious threat.