The IT Law Wiki


An information system (IS) is

a generic term referring to computers, communication facilities, computer and communication networks, and data and information that may be stored, processed, retrieved or transmitted by them, including programs, specification and procedures for their operation, use and maintenance.[1]
[a] discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information.[2]
a discrete set of IT, data, and related resources, such as personnel, hardware, software, and associated information technology services organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of information in accordance with defined procedures, whether automated or manual.[3]
a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination or disposition of electronic information, as well as any specialized system such as industrial/process controls systems, telephone switching and private branch exchange systems, and environmental control systems.[4]
an interconnected set of information resources under the same direct management control that shares common functionality. A system normally includes hardware, software, information, data, applications, communications, and people.[5]
the entire infrastructure, organization, personnel, and components that collect, process, store, transmit, display, disseminate, and act on information. The information system also includes the information-based processes.[6]
any equipment or interconnected system or subsystems of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information, and includes —
(A) computers and computer networks;
(B) ancillary equipment;
(C) software, firmware, and related procedures;
(D) services, including support services; and
(E) related resources.[7]
a system for generating, sending, receiving, storing or otherwise processing data messages.[8]


Organizations in the public and private sectors depend on technology-intensive information systems to successfully carry out their missions and business functions.

Information systems include very diverse entities, ranging from high-end supercomputers, workstations, personal computers, and personal digital assistants to very specialized systems (e.g., weapons systems, telecommunications systems, industrial/process control systems, and environmental control systems).

Information system components include, but are not limited to, mainframes, servers, workstations, network components, operating systems, middleware, and applications.


Information systems are subject to serious threats that can have adverse effects on organizational operations (i.e., missions, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation by exploiting both known and unknown vulnerabilities to compromise the confidentiality, integrity, or availability of the information being processed, stored, or transmitted by those systems. Threats to information and information systems can include purposeful attacks, environmental disruptions, and human/machine errors and result in great harm to the national and economic security interests of the United States.


See also[]