This paper deals with IT security threats. Just when organizations felt they were gaining the upper hand in their defence against external IT security threats, comes a rise in problems caused by internal risk factors. Often termed the 'enemy within', malicious hacks on the enterprise system launched from the system itself remain in the minority compared to instances of data leakage-the unintentional and/or illicit loss of secure information into an insecure environment. Organization's that bother to check are finding that considerable quantities of data are trotting out through the staff entrance. Trend's Corporate end user study 2008, which surveyed 1,600 corporate end-users, found that the loss of proprietary company data and information was ranked as the second most serious threat at work, following viruses. Respondent considered this to be 'more serious than most other threats such as spam, spy ware, and phishing. IT departments could do much to reduce data leakage by shoring-up internal IT security procedures with the practice standards of ISACA's COBIT IT governance standards, as well as those of ITIL IT service management documentation. Implementing these tools would go a long way to staunching data leakage.