Information System and Cybersecurity

The Peacock as a Metaphor for Information System
The Peacock as a Metaphor for Information System


A system is the “combination of interacting elements organized to achieve one or more stated purposes.” (ISO/IEC 15288: 2015)

“The systems considered in this International Standard are man-made, created and utilized to provide products or services in defined environments for the benefit of users and other stakeholders. These systems may be configured with one or more of the following system elements: hardware, software, data, humans, processes (e.g., processes for providing service to users), procedures (e.g., operator instructions), facilities, materials and naturally occurring entities. As viewed by the user, they are thought of as products or services.” (ISO/IEC 15288: 2015)

Information System

“Information system” means a discrete set of information resources organized for the
collection, processing, maintenance, use, sharing, dissemination, or disposition of
information; (44 U.S.C., Sec. 3502)

An information system refers to the “organized collection of hardware, software, supplies, policies, procedures and people that stores, processes and provides access to information.” (ISO/TS 22220)


Asset means “anything that has value to the organization.”

Note 1 to entry: In the context of information security, two kinds of assets can be distinguished:
the primary assets:
— information;
business processes and activities;
the supporting assets (on which the primary assets rely) of all types, for example:
— hardware;
— software;
— network;
— organization’s structure.
(ISO/IEC 27002:2022)


“cybersecurity” means prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation. (NSPD-54/HSPD-23)

The process of protecting information by preventing, detecting, and responding to attacks. (NIST Cybersecurity Framework Version 1.1)

Information Assurance (IA)

Measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities. (CNSSI 4009)

Note: DoDI 8500.01 has transitioned from the term information assurance (IA) to the term cybersecurity. This could potentially impact IA related terms.

Information Security

The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability. (44 U.S.C., Sec. 3542)