Organizations often devote extensive resources to improving the security of their data processing systems. In a common and well-studied code-based approach, an organization may attempt to identify a weakness in the code used in its data processing system. The organization can attempt to remedy this problem by designing a code patch which overcomes the perceived weakness.
However, as appreciated by the present inventors, the security of an organization depends on more than its code-based vulnerabilities. Once a malicious entity has gained access to the data processing system (through legitimate or illegitimate means), this entity can sometimes then exercise otherwise legitimate authority to gain control of additional parts of the data processing system and cause harm within the data processing system. The remedy to this type of problem is not necessarily through the redesign of code, as the misuse of legitimate authority may not reflect a deficiency in the code itself.