Definitions
An information system (IS) is
“a generic term referring to computers, communication facilities, computer and communication networks, and data and information that may be stored, processed, retrieved or transmitted by them, including programs, specification and procedures for their operation, use and maintenance.”
“[a] discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.”
“a discrete set of IT, data, and related resources, such as personnel, hardware, software, and associated information technology services organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of information in accordance with defined procedures, whether automated or manual.”
“a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of electronic information, as well as any specialized system such as industrial/process controls systems, telephone switching and private branch exchange systems, and environmental control systems.”
“an interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.”
“the entire infrastructure, organization, personnel, and components that collect, process, store, transmit, display, disseminate, and act on information. The information system also includes the information-based processes.”
“any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information, and includes —”
“a system for generating, sending, receiving, storing or otherwise processing data messages.”
Overview
Information systems include very diverse entities, ranging from high-end supercomputers, workstations, personal computers, and personal digital assistants to very specialized systems (e.g., weapons systems, telecommunications systems, industrial/process control systems, and environmental control systems).
Threats
Information systems are subject to serious threats that can have adverse effects on organizational operations (i.e., missions, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation by exploiting both known and unknown vulnerabilities to compromise the confidentiality, integrity, or availability of the information being processed, stored, or transmitted by those systems. Threats to information and information systems can include purposeful attacks, environmental disruptions, and human/machine errors and result in great harm to the national and economic security interests of the United States.
References
- ITU Study on the Financial Aspects of Network Security: Malware and Spam, at 3 n.3.
- 44 U.S.C. §3502(8); NIST Special Publication 800-53, App. B, Glossary; FIPS 200; FIPS 199; OMB Circular No. A-130, app. III
- The Common Approach to Federal Enterprise Architecture, at 46 (Terms and Definitions).
- Cybersecurity Requirements for Financial Services Companies, at 2.
- 45 C.F.R. §164.304.
- Joint Publication 3-13, at I-11.
- 44 U.S.C. §3532(4).
- United Nations Convention on the Use of Electronic Communications in International Contracts, art. (4)(f).
See also
- Information system-related security risk
- Information system component
- Information system general controls
- Information system owner
- Information system security officer
- Information Systems Audit and Control Association
- Information Systems Related to Technology Transfer: A Report on Federal Technology Transfer in the United States
- Information systems security
- Information Systems Security Association
- Information Systems Security Board
- Information Systems Security Line of Business
- Information systems security officer