https://www.sans.org/reading-room/whitepapers/dlp/preventing-data-leakage-risk-based-approach-controlled-use-administrative-36202