Is Insider Risk something new, or something we need to look at in a new way? Traditionally we have put in place measures to protect the perimeter, to control access into our buildings or our systems. Why did we do this? We saw the biggest risks and threats coming from external sources. In a “less connected” world this made perfect sense. We housed our assets and managed accordingly. However, the world has changed. We are more inter-connected than ever, and in many ways, we’ve optimized against the external threats. We have become experts in “perimeter” protection. We cannot rest and let down on the perimeter, however, the perimeter being the primary focus has left us vulnerable in many ways. This paper discusses how we design our internal controls, both in physical and system realms, as we evolve our understanding on where risks really exist, and how we believe people might behave. Employees stealing physical or confidential information from their company and/or place of work is not new, however, the complexity of the environment that we protect is no longer simple, and the stakes are high. Our reputation, our credibility, and in some cases the financial viability of these organizations are at stake.