> If he was a systems admin, there were undoubtedly other system admins around to keep an eye on each other.
Of course. The question is are sys-admins as effective at watching other sys-admins as they are at watching regular users? It seems reasonable that they are not, if only because sys-admins are more skilled than other users. Sys-admins likely also implicitly trust other sys-admins more than other users, not intentionally of course, but enough to bias their ability to see things.
That's why you frequently deploy moles who try to get away with something (e.g, with writing a password on a post-it), and seriously reprimand persons who do not report that.
All your personnel must be paranoid; you cannot get there with only the real break-in/data theft attempts, as those are too rare.
Also, you regularly shift the roles, turning an operator into a watcher and vice versa.
Finally, you cannot have someone teamed up with the same person for weeks, because they might befriend each other and start to let things slip.
Of course. The question is are sys-admins as effective at watching other sys-admins as they are at watching regular users? It seems reasonable that they are not, if only because sys-admins are more skilled than other users. Sys-admins likely also implicitly trust other sys-admins more than other users, not intentionally of course, but enough to bias their ability to see things.