I am trying to describe the different types of information systems at my job with definitions. Right now, we have "parent", "component", "instance", "stand alone", "shared services" and "stand alone" and it doesn't make sense at all.
Does anyone have any ideas on categories or types of information systems with some NIST or other backing?
Consider, instead, various dimensions for the systems, based on things you must do to support them. For instance:
Classification level (sensitivity) of the stored information, such as privacy, HIPAA, enterprise proprietary, etc.
Access breadth, such as internal users only, shared with contracted associates, and public facing.
Legal storage and archiving requirements.
Infrastructure management such as HVAC, elevator control, network management.
Continuity of Operations requirements for backup, fail over, offsite storage, etc.
... and so on.
You bring up a good point here. Determining the data types and business processes the systems are used in is more important than just classifying by the system type alone. For example, a low, medium, or high impact level designation if CIA are compromised.