Competing globally exposes an organization to numerous information security threats, both those internally and those externally generated. Without a strategy to prevent such threats and mitigate the impact of actual breaches, organizations are failing to protect themselves from potential obliteration. This article discusses how organizations can prevent a corporation's most prevalent security threat, the internal--both the purposeful and unintentional--leaking of data. In doing so, it describes why organizations are vulnerable to internal data leaks and how organizations are now responding to such leaks; it defines the increasingly popular strategic security solution known as access governance. It identifies the most likely source--as noted in a survey by PricewaterhouseCoopers and CIO and CSO magazines--causing an information security event. It explains how project managers can protect critical data and how project management can provide support in protecting organizational data assets. It then looks at the data security challenges now facing executives and the role they must play in ensuring that their organizations are effectively protecting sensitive data. Accompanying this article are three sidebars: The first lists two tips for practicing information security; the second defines two of the latest and little-known IT threats; the third summarizes key findings of a report looking at information security practices in India and China.