Please paraphrase the below
Countermeasures
Where possible, prevention is vastly preferable to detection and attempted remediation (although cases of insider misuse generally exist in which prevention is inherently difficult). For example, the Multics system architecture (see [5] and https://www.multicians.org/) stressed the importance of prevention by isolating privileged execution domains from less-privileged executions, isolating one user from another while still permitting controlled sharing (via access-control lists, access- checked dynamic linking, and dynamic revocation, as well as user-independent vir- tual memory), and using some sensible software-engineering concepts. Use of some of the Saltzer-Schroeder [22] security principles is directly relevant to minimizing insider misuse. The most obviously applicable principles here are separation of priv- ileges, allocation of least privilege, and open design. In addition, ease of use (gen- eralizing Saltzer and Schroeder's psychological acceptability) could provide incentives for insiders to avoid the excuse of security being too complicated, which otherwise often results in the creation of unnecessary vulnerabilities. These and other principles are discussed further in the context of election systems in Section 7.
If there is no meaningful security policy, then the task of detecting and identify- ing deviations from that policy is not meaningful. If there is no fine-grained context- sensitive prevention in systems and networks, then even if there were a meaningful security policy, it would be difficult to implement it. With respect to insiders, en- terprises operating within a system-high approach suggest that insider misuse is ill-defined - in the sense that everything may be permitted to all authenticated users. Thus, to have any hope of detecting insider misuse, we first need to know what con- stitutes misuse. Ideally, as noted above, it would then be much better to prevent it rather than to have to detect it after the fact.
The absence of rigorous authentication and constructive access controls tends to put the cart before the horse. For example, what does unauthorized usemean when almost everything is authorized? Recall the Internet Worm of 1988, which was an outside-inner attack. Robert Tappan Morris was prosecuted for exceeding authority;yet,noauthorizationwasrequiredtousethesendmail debugoption, the finger daemon buffer overflow, the .rhosts mechanism, and copying an encrypted but then unprotected password file. This may have been misuse, but was not unauthorized misuse. The same issues arise with recent malware.