An information system (IS) is:

- a discrete set of IT, data, and related resources, such as personnel, hardware, software, and associated information technology services organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of information in accordance with defined procedures, whether automated or manual.
- any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information, and includes:
  - (A) computers and computer networks;
  - (B) ancillary equipment;
  - (C) software, firmware, and related procedures;
  - (D) services, including support services; and
  - (E) related resources.
Organizations in the public and private sectors depend on technology-intensive information systems to successfully carry out their missions and business functions.
Information systems include very diverse entities, ranging from high-end supercomputers, workstations, personal computers, and personal digital assistants to very specialized systems (e.g., weapons systems, telecommunications systems, industrial/process control systems, and environmental control systems).
Information system components include, but are not limited to, mainframes, servers, workstations, network components, operating systems, middleware, and applications.
Information systems are subject to serious threats that can have adverse effects on organizational operations (i.e., missions, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation by exploiting both known and unknown vulnerabilities to compromise the confidentiality, integrity, or availability of the information being processed, stored, or transmitted by those systems. Threats to information and information systems can include purposeful attacks, environmental disruptions, and human/machine errors and result in great harm to the national and economic security interests of the United States.