Compliance program regulatory documents, especially data protection laws, define detection, logging, and auditing requirements. An example of such a program is the German Bundesdatenschutzgesetz (BDSG), where you would find the section "to prevent unauthorized usage of data processing systems" in paragraph 9 (http://www.lw-flyerdruck.de/userfiles/541/File/Dateivorgaben/INFO1_Januar_2011.pdf). An implication of this requirement could be to detect these unauthorized usages. Microsoft System Center 2012 Operations Manager (SCOM) has the ability to track and log unauthorized events in Microsoft Active Directory.
"10.1 Implement audit trails to link all access to system components to each individual user"
You can find additional details on PCI DSS at https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf.