Employees, board members, and other internal team members who
have legitimate access to information and/or information technology.
Complexity: Insiders typically have special knowledge of internal controls
that are unavailable to outsiders, and they have some amount of access. In
some cases, they perform only authorized actions - as far as the information
systems have been told. They are typically trusted and those in control often
trust them to the point where placing internal controls against their attacks
are considered offensive.