This article affirms the need to "trust but verify" as part of the security process:

Corporate Security Controls: Massive Insider Breach At DuPont
http://www.informationweek.com/news/showArticle.jhtml?articleID=197006474

QUOTE: A research chemist who worked for DuPont for 10 years before accepting a job with a competitor downloaded 22,000 sensitive documents and viewed 16,706 more in the company's electronic library.

Gary Min worked as a research chemist for DuPont for 10 years before accepting a job with DuPont competitor Victrex PLC in Asia in October 2005. Between August and December of that year, Min downloaded 22,000 sensitive documents and viewed 16,706 more in the company's electronic library, making him the most active user of that database in the company, according to prosecutors.

It's unclear whether Min's frequent access to that database tipped off an automatic alert to DuPont officials or whether his behavior was discovered by studying database access logs. Regardless, Min left DuPont in December, 2005, and after starting work for Victrex in February, 2006, transferred 180 DuPont documents to a Victrex-owned laptop computer.

After DuPont discovered that Min had helped himself to a large volume of confidential and proprietary DuPont technical information, it notified the FBI and the Commerce Department. Min's Victrex computer was seized on Feb. 8, 2006, while he was at a meeting with Victrex officials in Geneva, Switzerland. The confiscated computer was turned over to DuPont, which in turn gave it to the FBI, according to prosecutors.