The kind of environment where the attacker is a sysadmin with access to the box and the ability to do whatever they feel like with BIOS, including enabling USB boot.
The default security posture of most organizations these days is to assume that a trusted insider will exploit the system at some point. Therefore everyone is implementing damage mitigation techniques so that they can respond quickly and understand the scope of the inevitable breach when it does occur.
Everyone is watching everyone else. The security guys get access to the firewalls and the IDS, but cannot touch the servers. The server guys cannot touch the backups. The backup team cannot initiate a restore without two levels of change control approval. It is a serious PITA for everyone involved and a gross inefficiency.
The first time an auditor told me that they cannot trust me, my knee jerk reaction was to tell them to go fuck themselves. Eventually I realized that I am in a very risky position with access to a lot of sensitive information. The key is not that they do not trust me, it is that they CANNOT trust me. While I may be trustworthy, who is to say that someone else in my same position, with my same level of access, is also trustworthy? Just like I have to assume that any executable downloaded from the internet is potentially full of malicious code, the risk management folks have to assume that every sysadmin in the organization is potentially full of malicious intent.