The set of software, technical, organizational support and personnel, which is designed to provide the right people with the information they need in a timely manner, is called an information system. In this article, we will talk in more detail about what an information system is, give information about some types of existing systems.

Information system

The second article of the Law on Information defines IP as follows: an information system is a combination of information contained in databases and technical means and information technologies that ensure its processing.

Signs of IP:

• Performing one or more functions in relation to information;
• The unity of the system, which implies the presence of a common file base, common standards and protocols, common management, and more;
• The ability to perform the specified functions to create compositions and decompositions of system objects.

Basic requirements for IP:

• Efficiency;
• Quality of functioning: consistency with standards, accuracy, security;
• Reliability. The system should not fail on the following thresholds: information quality, access time, performance,
• Safety.

What is an automated information system

An automated information system is an interconnected set software tools, data, standards, equipment, procedures and personnel, which is intended for processing and collecting, storing, distributing and issuing information and meets the requirements that arise from the goals of a particular organization.

In essence, AIS is a human-machine system based on an automated technology for obtaining information used to optimize the management process and information support personnel in a particular activity.

Due to the formalization of processing processes and the complexity of structuring information, the automation of information procedures is difficult. The degree of automation of information processes can vary from ten to twenty percent.

What is an information retrieval system

The definition of IPS is as follows: an information retrieval system is an applied computer environment designed to search, collect, process, sort, store and filter large amounts of information in a structured form.

IPS, information retrieval systems are designed to solve certain types of tasks, characterized by their own set of objects and their features.

IPS, information retrieval systems subdivide:

1. Documentographic. In such information retrieval systems, indexing of all stored documents is carried out in a special way. Each individual document is given an individual code, which makes up the search image. That is, the search will be conducted by search images, and not by the documents themselves. Thus, one usually searches for literature in large libraries. By the number indicated in the catalog card, they look for the necessary book.
2. Factual. These information retrieval systems store facts, not documents; these facts belong to some subject area. The search is conducted according to the pattern of the fact.

Information retrieval systems, IPS include 2 parts of the database:

• DB is the database itself;
• DBMS - database management system.

DB - a set of structured data that relate to a specific subject area.

DBMS is a set of language and software tools that are necessary to create a database, keep them up to date and organize the search for the necessary information in them.

The most famous are such DBMS as Microsoft Access, dBase, FoxPro, Clipper, Paradox.

What is a corporate information system

Any large company, moreover, a rapidly growing one, will sooner or later face the problem of systematizing information and automation processes that will be involved in processing this information.

At the beginning of the development of the organization, it is possible for employees to use standard office applications, but over time, the constant growth of information will set the company the task of organizing a Corporate Information System (CIS).

CIS, Corporate Information System is a scalable system designed for complex automation of business activities of organizations, corporations, companies that require unified management.

The introduction of CIS, Corporate Information System, will give the following results:

• Increasing resistance to external influences, flexibility and internal controllability.
• Increasing the competitiveness and efficiency of the company.
• Reducing the cost of goods and services.
• Decrease in stocks.
• Increasing sales of goods and services.
• Improvement of interaction with suppliers.
• Reduction of terms of execution of orders.

All this will contribute to the implementation of the main goal of the CIS, the corporate information system, is to increase the profitability of the organization, thanks to the most efficient use all resources of the company and improving the quality of management decisions made by management.

We hope that everyone who was interested in the question of what an information system is could find the answer to it in this article.

1. State Information Systems are created in order to exercise the powers of state bodies and ensure the exchange of information between these bodies, as well as for other purposes established by federal laws.

2. State information systems are created, modernized and operated taking into account the requirements stipulated by the legislation Russian Federation on the contract system in the field of procurement of goods, works, services to meet state and municipal needs or the legislation of the Russian Federation on public-private partnership, on municipal-private partnership, legislation on concession agreements, and in cases where the operation of state information systems is carried out without involving budget funds budget system Russian Federation, in accordance with other federal laws.

3. State information systems are created and operated on the basis of statistical and other documented information provided by citizens ( individuals), organizations, state bodies, local governments.

4. Lists of types of information provided on a mandatory basis are established by federal laws, the conditions for its provision - by the Government of the Russian Federation or the relevant state bodies, unless otherwise provided by federal laws. If, during the creation or operation of state information systems, it is planned to implement or process publicly available information provided for by the lists approved in accordance with Article 14 of the Federal Law of February 9, 2009 N 8-FZ "On ensuring access to information about the activities of state bodies and bodies of local self-government", state information systems should ensure the placement of such information on the Internet in the form of open data.

(see text in previous edition)

4.1. The Government of the Russian Federation determines the cases in which access via the Internet to information contained in state information systems is provided exclusively to information users who have been authorized in a unified identification and authentication system, as well as the procedure for using unified system identification and authentication.

5. Unless otherwise established by the decision on the creation of the state information system, the functions of its operator are carried out by the customer who has concluded a state contract for the creation of such an information system. At the same time, the commissioning of the state information system is carried out in the manner established by the specified customer.

5.1. In the event of the creation or modernization of a state information system on the basis of a concession agreement or an agreement on public-private partnership, the functions of the operator of this system within the limits, to the extent and within the time limits provided for by the relevant agreement, are carried out by the concessionaire or a private partner.

6. The Government of the Russian Federation approves the requirements for the procedure for the creation, development, commissioning, operation and decommissioning of state information systems, further storage of the information contained in their databases, including the list, content and timing of the implementation of the stages of measures for the creation, development commissioning, operation and decommissioning of state information systems, further storage of information contained in their databases.

(see text in previous edition)

7. It is not allowed to operate the state information system without proper registration of the rights to use its components that are objects of intellectual property.

8. Technical means, designed to process information contained in state information systems, including software and hardware and information security tools, must comply with the requirements of the legislation of the Russian Federation on technical regulation.

9. Information contained in state information systems, as well as other information and documents at the disposal of state bodies are state information resources. Information contained in state information systems is official. State bodies, determined in accordance with the regulatory legal act regulating the functioning of the state information system, are obliged to ensure the reliability and relevance of the information contained in this information system, access to specified information in cases and in the manner prescribed by law, as well as protection of the specified information from unauthorized access, destruction, modification, blocking, copying, provision, distribution and other illegal actions.

(see text in previous edition)

In the Russian Federation there are about 100 state information systems, they are divided into federal and regional. An organization working with any of these systems is obliged to comply with the requirements for the protection of data that is processed in it. Depending on the classification, different information systems are subject to different requirements, for non-compliance with which sanctions are applied - from a fine to more serious measures.

The operation of all information systems in the Russian Federation is determined by Federal Law No. 149-FZ of July 27, 2006 (as amended on July 21, 2014) “On Information, Information Technologies and Information Protection” (July 27, 2006). Article 14 of this law provides detailed description GIS. To operators of state IS in which information is processed limited access(not containing information constituting a state secret), the requirements set forth in the Order of the FSTEC of Russia dated February 11, 2013 No. 17 “On approval of requirements for the protection of information not constituting a state secret contained in state information systems” are imposed.

Recall that the operator is a citizen or entity those carrying out activities for the operation of the information system, including the processing of information contained in its databases.

If the organization is connected to the state information system, then FSTEC Order No. 17 obliges to certify the system, and only certified information security tools (having valid FSTEC or FSB certificates) should be used to protect information.

It is not uncommon for an information system operator to erroneously classify it as a GIS, when it is not. As a result, excessive protection measures are applied to the system. For example, if by mistake the operator of the personal data information system classified it as a state one, he will have to comply with more stringent requirements for the security of the information being processed than required by law. Meanwhile, the requirements for the protection of personal data information systems, which are regulated by FSTEC Order No. 21, are less stringent and do not oblige to certify the system.

In practice, it is not always clear whether the system to which you want to connect is state-owned, and, therefore, what measures to build information security need to be taken. Nevertheless, the plan of inspections by regulatory authorities is growing, and fines are systematically increasing.

How to distinguish GIS from non-GIS

The state information system is created when it is necessary to provide:

• implementation of powers of state bodies;
• information exchange between government agencies;
• achievement of other goals established by federal laws.

To understand that the information system belongs to the state, you can use the following algorithm:

1. Find out if there is a legislative act prescribing the creation of an information system.
2. Check the availability of the system in the Register of Federal State Information Systems. Similar registers exist at the level of subjects of the Federation.
3. Pay attention to the purpose of the system. An indirect sign of classifying a system as a GIS will be a description of the powers that it implements. For example, each administration of the Republic of Bashkortostan has its own charter, which, among other things, describes the powers of local governments. The IS "Accounting for citizens in need of residential premises on the territory of the Republic of Bashkortostan" was created to implement such powers of administrations as "the adoption and organization of the implementation of plans and programs for the integrated socio-economic development of a municipal district", and is a GIS.

If the system involves the exchange of information between government agencies, it is also highly likely to be state-owned (for example, an interdepartmental electronic document management system).

This is GIS. What to do?

Order FSTEC 17 prescribes the following measures to protect information to GIS operators:

• formation of requirements for the protection of information contained in the information system;
• development of the information security system of the information system;
• implementation of the information security system of the information system;
• certification of the information system for information security requirements (hereinafter referred to as ISPD certification) and putting it into operation;
• ensuring the protection of information during the operation of a certified information system;
• ensuring the protection of information during the decommissioning of a certified information system or after a decision has been made to complete the processing of information.

Organizations that are connected to government information systems must do the following:

1. Classify IS and identify security threats.

Classification of IS is carried out in accordance with clause 14.2 17 of the FSTEC order.

Information security threats are determined by the results

• assessing the capabilities of offenders;
• analysis of possible vulnerabilities of the information system;
• analysis (or simulation) possible ways implementation of information security threats;
• assessing the consequences of violating information security properties (confidentiality, integrity, availability).

2. Form the requirements for the information processing system.

The system requirements should include:

• the purpose and objectives of ensuring the protection of information in the information system;
• information system security class;
• a list of regulatory legal acts, methodological documents and national standards that the information system must comply with;
• list of information system protection objects;
• requirements for measures and means of protecting information used in the information system.

3. Develop an information security system of the information system.

To do this, you need to:

• designing the information security system of the information system;
• development of operational documentation for the information security system of the information system;
• prototyping and testing of the information security system of the information system.

4. Implement the information security system of the information system, namely:

• installation and configuration of information security tools in the information system;
• development of documents defining the rules and procedures implemented by the operator to ensure the protection of information in the information system during its operation (hereinafter referred to as organizational and administrative documents for information protection);
• implementation of organizational measures to protect information;
• preliminary tests of the information security system of the information system;
• trial operation of the information security system of the information system;
• verification of the built information protection system for vulnerability;
• acceptance tests of the information security system of the information system.

5. Certify ISPD:

• conduct certification tests;
• get a certificate of conformity.

There is a widespread opinion that in order to pass the inspection of regulatory authorities, it is enough to have organizational and administrative documents, so GIS operators often neglect the introduction of protection tools. Indeed, Roskomnadzor pays close attention to the documents and the implementation of organizational and administrative measures to protect personal data in the organization. However, if questions arise, specialists from the FSTEC and the FSB may be involved in the audit. At the same time, the FSTEC looks very carefully at the composition technical protection information and checks the correctness of the threat model, and the FSB checks the implementation of the requirements regarding the use of tools cryptographic protection information.

Oleg Necheukhin, expert in information systems protection, "Kontur-Safety"

The article by Nikolai Mikhailovsky, published in this issue of the journal, rightly notes the confusion in IT terminology. This confusion covers not only the concepts of "information system" (IS) and "IS architecture", it is not at all harmless and often prevents in practice to clearly define what is the subject of development in a particular project: IS, only its KSA (see below) or the system (AC) as a whole?

To try to clarify the matter, the following are key definitions from normative documents and, for comparison, from more general sources. Definitions are selected from the working materials of the author of this note, which were an addition to the main materials of courses for specialists and managers. (This explains the presence of comments and the free arrangement of material in this note - after all, this is not a glossary!) That is why it is said: practice has repeatedly shown that a glossary is not enough. Creating a common "conceptual space" - for at least ten course participants - requires another half hour to an hour of discussion to get the same understanding of such things as "system", "IS" and "KSA". Finally, it is regrettable to note that outside the note there was material that could clarify what “System engineering” is, software architecture and other important processes and objects of design, design and use of systems.

System:

A complex consisting of processes, hardware and software, devices and personnel that has the ability to satisfy established needs or goals ().

Note: close enough to the definition of the concept of an automated system (AS) in GOST 34.

Automated system (AS):

In the process of functioning, an automated system is a set of a set of automation tools, organizational, methodological and technological documents and specialists using them in the course of their work. professional activity. (From the guidelines RD 50-680-88 of the GOST 34 series of standards for automated systems (AS).)

Comment.
Recent years have been marked by a qualitative expansion of the meaning of the term "system", reflected in the documents of international committees and professional communities focused on IT. There is a transition to an interpretation that is even broader than indicated in, due to the explicit inclusion of components of other types (materials, methods, etc.). In this regard, the relevance of a wider use of the term "information and control system" (see, for example, in) and a narrower use of the term "information system" (see below) is growing.

Information system (IS):

1) a system designed to collect, transmit, process, store and issue information to consumers and consisting of the following main components:

• software,
• Information Support,
• technical means,
• service staff ().

2) Information system - The collection of people, procedures, and equipment designed, built, operated, and maintained to collect, record, process, store, retrieve, and display information ().

Comment.
IP is initially considered as indifferent specific purposes users a system similar to a PBX, a general purpose library, or help desk station, which provides its information services as a subsystem or an adjacent system to a more general system: an enterprise, city, industry, country, etc. (cm. ). Once again, we note that too often IS is understood as a variety of things - from KSA to AU.

The standards have a clear definition of the technical concept of "IT system", which is often required to be used instead of IS. So GOST R ISO / IEC TO 10000-1-99 defines

Information technology system (IT system):

A set of information technology resources that provides services over one or more interfaces. (This is close to the concept of "complex of automation tools" in the guidelines RD 50-680-88 from GOST 34, where the main provisions of this ND complex are given.)

A set of automation tools for an automated system; KSA AC:

The totality of all components of the AS, with the exception of people ().

Sources(which are not named directly in the text)

1. Webster's New World Dictionary of Computer Terms, Fourth edition, 1993.
2. GOST 34.003-90. Information technology. A set of standards and guidelines for automated systems. Terms and Definitions.
3. D. Meister, J. Rabideau, Psychological engineering assessment in the development of control systems. "Soviet radio", M. 1970.
4. Big English-Russian Polytechnical Dictionary, M., "Russian language", 1991.
5. Information systems in economics: Textbook / Ed. Prof. V.V. Dick. - M.: Finance and statistics, 1996.
6. GOST R ISO/IEC 12207-99. Information technology. Software life cycle processes. GOSSTANDART OF RUSSIA. Moscow, 1999.

Zinder Evgeny Zakharovich,
editor-in-chief of the magazine "DIS", director of the analytical and design bureau "Group 24".
You can write to him at:

An information system (IS) is any organized system for collecting, storing and transmitting information. In more depth, this is the creation of additional sources that people use to receive, filter and distribute data.

The definition of the concept of "information systems" is associated with computer technology. In other words, it is a kind of complex that involves the work of people and computers, as a result of which information is processed or interpreted. This term sometimes used in a more limited sense - to refer to software required to run a computer database, or as a definition of a computer component.

But the emphasis is usually on information systems, the definition of which includes the final surface layer - users, processors, inputs, outputs, and the aforementioned communication networks. Any particular IS aims to support operations, management and decision making.

The definition of an information system can also be reduced to the fact that it is information and communication technologies (ICT) that various organizations use, as well as the way in which people interact with these technologies in support of business processes. Some researchers make a clear distinction between information and computer systems and business processes. ICs typically include a computer component, but are not directly related to them.

Information systems, the definition of which we will consider later in the article, differ from business processes in that they only help to control the effectiveness of the latter.

Some scholars argue for the benefits of IS as a specific type of workflow. However, it is a system in which people or machines perform certain functions and activities, using resources to produce specific products or services for customers. While the information system is, as already mentioned, an intellectual complex whose activities are devoted to the collection, transmission, storage, search, processing and display of information.

Information system - what is it?

Thus, ISs are closely related to data transmission systems on the one hand and workflow systems on the other. They are a form of interconnection in which data is presented and processed as a form of social memory. The information system (the main concepts, definitions associated with it, we consider in the article) can also figure as a semi-official language that supports the creation of human decision and action. It is the main focus of research for organizational informatics.

Basic concepts, definitions, classification of information systems

Exist different types IS, for example:

• transaction processing;
• decision support;
• knowledge or learning management;
• database management.

Crucial to most information systems is information technology, which is typically designed to perform tasks for which the human brain is not well suited. For example, processing large amounts of information, performing complex calculations, and managing numerous simultaneous processes.

Information technology is a very important and malleable resource available to managers. Many companies are now hiring a chief data officer. The technical director can also act in this role.

Equipment

The definition of "the essence of an information system" implies that there are six components that must be combined to create it. And the first one is equipment.

This term refers to technology. And it means the computer itself, which is often mentioned as CPU(CPU), and all associated hardware to support operation. Among the auxiliary equipment needed to create an IS, one can mention input and output devices, data storage and communication facilities.

Software

The next component is software. This term refers to computer programs and guidelines (if any) that support them. Exist computer applications, machine-readable instructions that guide wiring diagram inside the hardware of the system and make it function in such a way as to produce useful information from the received data.

Programs are usually stored on some machines, sometimes on removable media.

Data

Another component is data - facts that are used by programs to obtain useful information. Like programs, data is usually stored in a machine-readable form on a disk or other storage medium until the computer needs it.

The definition of the concept of "information systems" is not possible without taking into account the presence of facts that are processed and systematized.

Procedures

Another component that defines the essence of the described definition is procedures. This term refers to the policy that governs the operation computer system. It can be certain requirements and the rules by which IS functions and develops.

People

Every system also needs people if it is to be of any use. Moreover, people are often the most significant element. And, probably, this is the component that most influences the success or failure in the creation of information systems. This item includes not only users, but also those who work and maintain computers, maintain data and networks, etc.

Feedback

Another component of IS is Feedback(although it is not necessary to function).

As already noted, data is a kind of bridge between hardware and people. This means that the information we collect is only scattered information until it is systematized. At this stage, data becomes information and falls into the definition of an information system.

The use of information systems directly depends on their types.

Pyramid

Thus, the classical view of IP is often described in various textbooks. In the 80s, it was represented as a pyramid, which reflected the hierarchy of the organization.

As a rule, transaction processing systems were located at the bottom of the pyramid, a little higher was the management of information systems that make decisions to support the system, and the model ended with executive ICs at the top.

This pyramid model remains useful today, since it first formulated a number of new technologies, but some of its components may not be relevant, although they fall under the modern information systems, the definition of which we are trying to formulate. Examples of such ICs can be as follows:

• data warehouses;
• enterprise resource planning schemes;
• expert;
• search;
• geographic information;
• global information system;
• business automation.

Computer ICs

Computer information system created using computer technology to perform some or all of the scheduled tasks. Its main components are:

1. A piece of hardware that includes a monitor, processor, printer, and keyboard that work together to receive, process, and display data and information.
2. Software - programs that allow hardware to process data.
3. Databases, which are a repository of related files or tables containing related data.
4. Networks, which are the connecting system that allows different computers to share resources.
5. Procedures, which are a set of commands designed to combine the above components in order to process information.

Information systems, the definition of which is presented in the article, include the first four components (hardware, software, databases and networks) into one complex, which is known as an information technology platform.

IT workers can then use them to create information systems that monitor security, risk, and data management. These activities are known as information technology services.

Development of information systems

Information technology departments in large organizations tend to have a strong influence on the development, use and application of information technology. A number of methodologies and processes can be used to develop and use IS. Many developers now use such an engineering approach as life cycle software development (SDLC), which is a systematized order of development of an information system through stages that occur in a certain sequence.

IS can be developed within an organization or by an external source. This agreement can be achieved by outsourcing certain components or the entire system. A technologically implemented environment for recording, storing and distributing language expressions, for drawing conclusions from such expressions - all this includes the concept of "information systems".

The terms and definitions related to IP are quite complex and do not have a narrow focus, so they can be used in almost any field. But there are also specific areas of their application.

Geographic Information Systems: Definition

Examples of a narrower classification are Geographic Information Systems (GIS) and Earth Information Systems. They allow the collection, storage and analysis and graphical visualization of spatial data. Their development is carried out in several stages, which include:

1. Problems of recognition and specification.
2. Collection of information.
3. Specification requirements for a new system.
4. System design.
5. System architecture.
6. Implementation.
7. Review and maintenance.

Academic discipline

The field of study of the concept of IP covers various topics, including systems analysis and design, computer networks, information security, database management and decision support systems.

The definition of "classification of information systems" currently does not have a single interpretation. It implies some data management operations, with practical and theoretical solutions to the problems of their collection and analysis. Depending on the field of activity, these can be means of improving the productivity of business applications, programming and software implementation, e-commerce, the use of electronic media, data mining and decision support.

Information systems (definition this concept cited earlier) serve to unite economics and informatics. They are a field for the study of computers and algorithmic processes, including their principles, software and hardware designs, applications, and their impact on society. Many modern scientists have discussed the nature and foundations of information systems, which have their roots in other reference disciplines - for example, computer science, engineering, mathematics, management, cybernetics, etc.

IS can also be defined as the collection of hardware, software, data, people and procedures that work together to produce quality information. They are directly related to information technology, informatics and business. The study of theory and practice related to social and technological phenomena that determine the development, use and impact on human life is an area of ​​interest for those who study information systems.

The definition to which the article was devoted is also used to describe an organizational function that applies this knowledge in industry, government agencies, and also for non-profit organizations. They often come down to the interaction between algorithmic processes and technologies.

The field of study of IP includes the study of theory and practice related to the social and technological phenomena that determine the development, use and impact of information systems in organizations and society. In a broad sense, the term "information systems" means a scientific field of study that considers the strategic, managerial and operational activities of participating in the collection, processing, storage, dissemination and use of information and related technologies in society and organizations.

The term "information systems" is also used to describe an organizational function that applies this knowledge to industry, government agencies, and non-profit organizations. IS is often reduced to the interaction between algorithmic processes and technologies. This interaction can occur within or across organizational boundaries. An information system is a technology that various organizations use for their own purposes.