A set of information system methods. Stages of development of information systems. What is a corporate information system

Introduction……………………………………………………………………………….2

1. Information system and its types……………………………………………...3

2. Composition of automated information systems……………………………9

3. Technological process of information processing…………………………….16

4. The role of information technology in the design, operation and modification of information systems………………………………………………………20

5. CASE technologies…………………………………………………………………...22

Conclusion………………………………………………………………………………………...28

List of references………………………………………………………………..29

Introduction

The 21st century, which marks the beginning of the third millennium, has challenged humanity in the form of pervasive international communications, the World Wide Web, the Internet, and the emergence of a virtual economy. And who today can say with complete confidence that, leaving the 21st century. will not bring humanity a more serious threat in the form of the emergence of “machine (i.e., electronic) intelligence” and “human-machine” economy? XXI century provides us with an opportunity to look at the development of the economy since its inception, and also to take an intelligent look at the future of the economy and humanity.

Using communication means, you can, without leaving your home, manage production lines or the financial and commercial activities of an enterprise, maintain accounting records, study remotely at an educational institution, read books in the library, buy goods, make banking, stock exchange and other financial transactions. , etc. Appearance at the end of the 20th century. Information technology has led to the emergence of the most profitable business - the interactive business.

It can be said with complete confidence that in the middle of the 21st century. The leaders of the world economy and international trade will be those countries that will have high technology and knowledge-intensive industries. This means that the export of Russian oil, minerals, trade in weapons and heavy engineering products by Russian firms will occupy one of the lowest places in international trade and will no longer provide the income that Russia had at the end of the 20th century.

In a market economy, the approach to management is radically changing, from functional to business-oriented, and the role of information technology is radically changing. A focus on business process-based management provides a competitive advantage for an organization in highly competitive environments, and business process-based management cannot be effectively implemented without the use of information technologies and systems.

1. Information system and its types.

Information system is an interconnected set of means, methods and personnel used to store, process and issue information in the interests of achieving a set goal. The modern understanding of an information system involves the use of a computer as the main technical means of processing information. It is necessary to understand the difference between computers and information systems. Computers equipped with specialized software are the technical basis and tool for information systems. An information system is unthinkable without personnel interacting with computers and telecommunications.

In the legal and regulatory sense, an information system is defined as “an organizationally ordered set of documents (an array of documents) and information technologies, including the use of computer technology and communications that implement information processes” [RF Law “On Information, Informatization and Information Protection” dated February 20, 1995, No. 24-FZ].

The processes that ensure the operation of an information system for any purpose can be conventionally represented as consisting of the following blocks:
entering information from external or internal sources;
processing input information and presenting it in a convenient form;
outputting information for presentation to consumers or transfer to another system;
Feedback is information processed by people of a given organization to correct input information.

In general, information systems are defined by the following properties:
1) any information system can be analyzed, built and managed on the basis of general principles for building systems;
2) the information system is dynamic and developing;
3) when building an information system, it is necessary to use a systematic approach;

4) the output of the information system is the information on the basis of which decisions are made;

5) the information system should be perceived as a human-machine information processing system.

The introduction of information systems can contribute to:
obtaining more rational options for solving management problems through the introduction of mathematical methods; freeing workers from routine work due to its automation; ensuring the reliability of information; improving the structure of information flows (including the document flow system); providing consumers with unique services; reducing costs for the production of products and services (including information).

The type of information system depends on whose interests it serves and at what level of management. Based on the nature of presentation and logical organization of stored information, information systems are divided into factual, documentary and geoinformation systems.

Factual Information Systems accumulate and store data in the form of multiple instances of one or several types of structural elements (information objects). Each of these instances or some combination of them reflects information on a fact or event separately from all other information and facts.

In documentary (documented) information systems A single element of information is a document that is not divided into smaller elements, and information during input (input document), as a rule, is not structured, or is structured in a limited form. For the entered document, some formalized positions can be set (date of production, artist, subject).

In geographic information systems the data is organized in the form of separate information objects (with a certain set of details) linked to a common electronic topographical basis (electronic map). Geographic information systems are used for information support in those subject areas in which the structure of information objects and processes has a spatial-geographical component (transport routes, utilities).

In Fig. 1.1 presents the classification of information systems according to the characteristics of their functional subsystems.

Rice. 1.1. Classification of information systems according to functional criteria.

In the economic practice of industrial and commercial facilities, the typical types of activities that determine the functional attribute of the classification of information systems are production, marketing, financial, and personnel activities.

Classification of information systems by management levels
Highlight:
operational (operational) level information systems – accounting, bank deposits, order processing, ticket registration, salary payments; information system for specialists – office automation, knowledge processing (including expert systems);
tactical level information systems (middle management) – monitoring, administration, control, decision making;
strategic information systems – formulation of goals, strategic planning.

Operational (operational) level information systems
The operational level information system supports executive specialists by processing data on transactions and events (invoices, invoices, salaries, loans, flow of raw materials). The purpose of the information system at this level is to respond to queries about the current status and monitor the flow of transactions in the company, which corresponds to operational management. To cope with this, the information system must be easily accessible, continuously available and provide accurate information. The operational level information system is the link between the company and the external environment.

Information systems of specialists. Information systems at this level help specialists working with data, increase the productivity and productivity of engineers and designers. The task of such information systems is to integrate new information into the organization and assist in the processing of paper documents.
Office automation information systems Due to their simplicity and versatility, they are actively used by employees of any organizational level. They are most often used by semi-skilled workers: accountants, secretaries, and clerks. The main goal is data processing, increasing the efficiency of their work and simplifying clerical work.

These systems perform the following functions: word processing on computers using various word processors; production of high-quality printed products; archiving of documents;
electronic calendars and notebooks for maintaining business information; email and audiomail; video and teleconferences.

Information systems for knowledge processing, including expert systems, absorb the knowledge necessary for engineers, lawyers, scientists when developing or creating a new product. Their job is to create new information and new knowledge.

Tactical level information systems (middle level)
The main functions of these information systems are: comparison of current indicators with past indicators; drawing up periodic reports for a certain time (rather than issuing reports on current events, as at the operational level); providing access to archival information, etc.

Decision support systems serve semi-structured tasks, the results of which are difficult to predict in advance (they have a more powerful analytical apparatus with several models). Information is obtained from management and operational information systems. Characteristics of decision support systems:
provide solutions to problems whose development is difficult to predict;
equipped with sophisticated modeling and analysis tools;
allow you to easily change the formulation of the problems being solved and the input data;
are flexible and easily adapt to changing conditions several times a day; have technology that is maximally user-oriented.

Strategic information systems. Strategic Information System- a computer information system that provides decision support for the implementation of long-term strategic development goals of the organization. There are situations when the new quality of information systems forced to change not only the structure, but also the profile of companies, promoting their prosperity. However, in this case, an undesirable psychological situation may arise associated with the automation of certain functions and types of work, since this may put some of the workers in a difficult situation.

Other classifications of information systems.

Classification by degree of automation. Depending on the degree of automation of information processes in the company's management system, information systems are defined as manual, automatic, automated.

Manual information systems are characterized by the lack of modern technical means of information processing and all operations are performed by humans. For example, about the activities of a manager in a company where there are no computers, we can say that he works with a manual information system.

Automatic information systems perform all information processing operations without human participation.

Automated information systems involve the participation of both humans and technical means in the process of information processing, with the main role assigned to the computer. In the modern interpretation, the term “information system” necessarily includes the concept of an automated system. Automated information systems, given their widespread use in organizing management processes, have various modifications and can be classified, for example, by the nature of the use of information and the scope of application.

Classification by the nature of information use
Information retrieval systems They enter, systematize, store, and issue information at the user’s request without complex data transformations (information retrieval system in the library, railway and air ticket offices).

Information and decision systems carry out all information processing operations according to a specific algorithm. Among them, a classification can be made according to the degree of influence of the generated resultant information on the decision-making process and two classes can be distinguished - governing and advising systems.

Management information systems produce information on the basis of which a person makes a decision. These systems are characterized by the type of tasks of a computational nature and the processing of large volumes of data. An example would be a system for operational production planning and an accounting system.

Advising information systems produce information that is taken into account by a person and does not immediately turn into a series of specific actions. These systems have a higher degree of intelligence, since they are characterized by processing knowledge rather than data.

Classification by scope of application. Information Systems organizational management designed to automate the functions of management personnel. Information Systems process management serve to automate the functions of production personnel. Information Systems computer-aided design designed to automate the functions of design engineers, designers, architects, designers when creating new equipment or technology.
Integrated (corporate) information systems are used to automate all functions of the company and cover the entire cycle of work from design to product sales.

Classification by method of organization. According to the method of organization, group and corporate information systems are divided into the following classes:

Systems based on file-server architecture;

Systems based on client-server architecture;

Systems based on multi-level architecture;

Systems based on Internet/Intranet technologies.

2. Composition of automated information systems.

As a rule, the AIS includes:

· information resources presented in the form of databases (knowledge bases) storing data about objects, the connection between which is specified by certain rules;

· a formal logical-mathematical system, implemented in the form of software modules that provide input, processing, search and output of the necessary information;

· an interface that allows the user to communicate with the system in a form convenient for him and allows him to work with database information;

· personnel determining the functioning of the system, planning the procedure for setting tasks and achieving goals;

· complex of technical means.

The composition of AIS is shown in Fig. 1.5.

Information resources include machine and non-machine information. Machine information is presented in the form of databases, knowledge bases, data banks. Databases (banks) of data can be centralized or distributed.

Rice. 1.5. Composition of AIS

The complex of technical means (CTS) includes a set of computer equipment (computers of different levels, operator workstations, communication channels, spare elements and instruments) and a special complex (means for obtaining information about the state of the control object, local control means, actuators, sensors and devices control and adjustment of technical means).

Software (software) consists of general software (operating systems, local and global networks and complexes of maintenance programs, special computing programs) and special software (organizing programs and programs that implement monitoring and control algorithms).

Personnel and instructional and methodological materials constitute the organizational support of the system.

Procedures and technologies are developed on the basis of logical-mathematical models and algorithms that form the basis of the mathematical software of the system, and are implemented using software and hardware, as well as an interface that provides user access to information.

For example, an expert system (ES) includes:

· an interface that allows you to transfer information to the database and contact the system with a question or explanation;

· working memory (DB), which stores data about objects;

· dispatcher who determines the order of operation of the ES;

· inference machine - a formal logical system implemented in the form of a software module;

· Knowledge base (KB) - a collection of all available information about a subject area, recorded using formal knowledge representation structures (a set of rules, frames, semantic networks).

The most important component of the ES is the explanation block. It allows the user to ask questions and get reasonable answers.

AIS structure. Functional and supporting subsystems

Structure - a certain internal structure of the system.
Based on the definition that an information system is an interconnected set of tools, methods and personnel used for collecting, storing, processing and issuing information in order to solve assigned problems, its structure should be considered as a set of subsystems organized in a certain way that ensure the implementation of these processes.

AIS consists, as a rule, of functional and supporting parts, each of which has its own structure.

Function is a manifestation of the interaction of the system with the external environment. Manifestation of function in time called functioning.

The functional part is a set of subsystems that depend on the characteristics of the automated control system. These subsystems are divided according to a certain characteristic (functional or structural) and combine the corresponding sets of management tasks.

The supporting part is a set of information, mathematical, software, technical, legal, organizational, methodological, ergonomic, metrological support.

The structure of the AIS is shown in Fig. 1.6.

Supporting part.

AIS information support is a set of databases and operating system files, format and lexical databases, as well as language tools intended for entering, processing, searching and presenting information in the form required by the consumer

AIS functions are divided into information, control, protective and auxiliary.

Information functions implement the collection, processing and presentation of information about the state of the automated object to operational personnel or the transfer of this information for subsequent processing. These can be the following functions: measurement of parameters, control, calculation of parameters, generation and delivery of data to operational personnel or related systems, assessment and forecast of the state of the plant and its elements.

Control functions develop and implement control actions on the control object. These include: parameter regulation, logical influence, program logical control, mode control, adaptive control.

Protective functions can be technological and emergency.

When implementing functions automatically, the following modes are distinguished:

· interactive (staff has the opportunity to influence the development of recommendations for managing the facility using software and CTS);

· advisor (staff decides to use recommendations issued by the system);

· manual (personnel makes management decisions based on control and measurement information).

The above diagram of the AIS structure is implemented mainly in information and reference, information and retrieval systems. The structure of more complex systems is essentially an AIMS, i.e., AIS control, automated control systems of various levels and purposes.

For example, AIS “Tax” is a system of organizational management of the State Tax Service bodies. This is a multi-level system that:

· first (highest) level (President of the Russian Federation, Government of the Russian Federation, State Tax Service of the Russian Federation) - methodological guidance and control over taxation for various types of taxes at the country level;

· second level (Tax Services of Territories and Regions, Tax Services of the Republics, Tax Services of Moscow and St. Petersburg) - methodological guidance and control over taxation for various types of taxes at the territorial level;

· third level (Tax inspectorates of districts, Tax inspectorates of cities, Tax inspectorates of urban areas) - direct interaction with taxpayers.

In the tax system, the management process is informational. AIS of the tax service consists of supporting and functional parts.

The supporting part includes information, software, technical and other types of support characteristic of organizational-type AIS.

The functional part reflects the subject area and is a set of subsystems that depend on the features of the automated control system. Each level of AIS has its own set of functional support.

So, at the second level, the structure of the system looks like this (Fig. 1.7).

Rice. 1.7. Structure of the AIS “Tax” (second level)

The subsystem of methodological, auditing and legal activities ensures work with legislative acts, regulations, decrees and other government documents, as well as with regulatory and methodological documents of the State Tax Service of the Russian Federation. The subsystem collects, processes and analyzes information received from territorial tax inspectorates.

The control activity subsystem ensures documentary inspection of enterprises and maintenance of the State Register of enterprises and individuals. The Register of Enterprises contains official registration information about enterprises (legal entities), and the Register of Individuals contains information about taxpayers required to submit income tax returns and pay certain types of taxes from individuals.

The subsystem of analytical activities of the State Tax Inspectorates (STI) provides for analysis of the dynamics of tax payments, forecasting the amount of collection of certain types of taxes, economic and statistical analysis of the economic activities of enterprises in the region, identification of enterprises subject to documentary verification, analysis of tax legislation and development of recommendations for its improvement, analysis of activities territorial tax inspectorates.

The subsystem of intradepartmental tasks solves problems that ensure the activities of the State Tax Inspectorate and includes office work, accounting, logistics, and work with personnel.

The subsystem for preparing standard reporting forms generates summary tables of statistical indicators that characterize typical activities of the State Tax Inspectorate at the regional level in collecting various types of tax payments, and controls this process.

The structure of the system at the third level includes the following functional subsystems:

· registration of enterprises;

· desk check;

· maintaining personal cards of enterprises;

· analysis of the state of the enterprise;

· documentary check;

· maintaining regulatory documentation;

· intradepartmental tasks;

· processing of documents of individuals.

It does not seem appropriate to describe these subsystems in detail here.

Note that functional subsystems consist of sets of tasks that are characterized by a certain economic content and the achievement of a specific goal. In a set of tasks, various primary documents are used and output documents are compiled on the basis of interconnected calculation algorithms, which are based on methodological materials, regulatory documents, instructions, etc.

Considering AIS as an information automated enterprise management system (ACMS), we can, for example, imagine its structure as shown in Fig. 1.8.

Rice. 1.8. Automatic control system structure

There may be other functional subsystems.

An automated control system, like any control system, can be conveniently considered as a certain set of processes and objects (interrelated elements). Each of the subsystems is separate and can be considered as a part (subsystem) of a higher-level system.

The automated control system is built according to the hierarchical principle (multi-level subordination) of interconnection, both in terms of structural location and distribution of management functions. The system can be represented as a composition of subsystems at various levels. To obtain the elementary components of the system, its decomposition is performed, forming a metasystem tree on which subsystems of various levels are distinguished.

Decomposition is carried out according to functions or composition of elements (data, information, documents, technical means, organizational units, etc.).

3.Technological process of information processing.

The technology for automated processing of economic information is based on the following principles:

Integration of data processing and the ability of users to work in the operating conditions of automated systems for centralized storage and collective use of data (data banks);

Distributed data processing based on developed transmission systems;

Rational combination of centralized and decentralized management and organization of computer systems;

Modeling and formalized description of data, procedures for their transformation, functions and jobs of performers;

Taking into account the specific features of the object in which machine processing of economic information is implemented.

The entire technological process can be divided into processes for collecting and entering initial data into a computer system, processes for placing data and storing it in the system’s memory, processes for processing data in order to obtain results, and processes for issuing data in a form convenient for user perception.

The technological process can be divided into 4 major stages:

1. - initial or primary (collection of initial data, their registration and transfer to the computer);

2. - preparatory (reception, control, registration of input information and transferring it to computer media);

3. - basic (direct information processing);

4. - final (control, release and transmission of resultant information, its reproduction and storage).

Depending on the technical means used and the requirements for information processing technology, the composition of the technological process operations also changes. For example: information on a computer can arrive at MN prepared for input into a computer or be transmitted via communication channels from the place of its origin.

Data collection and recording operations are carried out using various means.

There are:

─mechanized;

List of used literature

1. CIT course “Internet technologies in projects with plastic cards.” V. Zavaleev, “Center”, 1998.

2. “Information Technologies: Theory and practice of advertising in Russia.” I. Krylov, “Center”, 1996.

3. "Network Magazine", No. 10, 1999.

4. “PC WEEK”, No. 6, 1998.

5. Information from the Website “Electronic payment systems”, http://www.emoney.ru

6. Information from the Website “Bank of Abstracts”, http://www.bankreferatov.ru

7. Automated information technologies in economics: Textbook. for universities/Ed. G.A. Titorenko, 2006.

8. Aliev V.S., Information technologies and financial management systems, 2007.

9. Fedorova G.V., Information technologies of accounting, analysis and audit, 2006.

10. G.N. Isaev, Information systems in economics, 2008.

11. Automated information technologies in economics: Textbook. for universities / M.I. Semenov, I.T. Trubilin, V.I. Loiko, T.P. Baranovskaya;Under the general name. Ed. I.T. Trubilina. - M.: Finance and Statistics, 2003.-416 p.

12. Kozyrev A.A. Information technologies in economics and management: Textbook, 2001.

13. Romanets Yu.V. Protection of information in computer systems and networks. / Ed. V.F. Shangina. M.: Radio and communication, 2001.-376 p.

The article by Nikolai Mikhailovsky, published in this issue of the magazine, rightly points out the confusion in IT terminology. This confusion covers not only the concepts of “information system” (IS) and “IS architecture”; it is not at all harmless and often makes it difficult in practice to clearly determine what is the subject of development in a particular project: the IS, only its QCA (see below) or the system (AS) as a whole?

To try to clarify the matter, below are key definitions from regulatory documents and, for comparison, from more general sources. Definitions were selected from the working materials of the author of this note, which were in addition to the main materials of courses for specialists and managers. (This explains the presence of comments and the free arrangement of material in this note - after all, this is not a glossary!) That is why this is said: practice has repeatedly shown that a glossary is not enough. Creating a common "conceptual space" - among at least ten course participants - requires another half hour to an hour of discussion to obtain the same understanding of such things as "system", "IS" and "QCA". Finally, we regret to note that outside the scope of the note there was material that could clarify what “System engineering” is, software architecture and other important processes and subjects of designing, designing and using systems.

System:

A complex consisting of processes, hardware, software, devices and personnel that has the ability to satisfy established needs or goals ().

Note: quite close to the definition of an automated system (AS) in GOST 34.

Automated system (AS):

In the process of functioning, an automated system is a collection of a set of automation tools, organizational, methodological and technological documents and specialists who use them in the course of their professional activities. (From the guidelines RD 50-680-88 series of GOST 34 standards for automated systems (AS).)

A comment.
Recent years have been marked by a qualitative expansion of the meaning of the term “system”, reflected in the documents of international committees and professional societies focused on IT. There is a transition to an interpretation that is even broader than indicated in, due to the explicit inclusion of components of other types (materials, methods, etc.). In this regard, the relevance of the broader use of the term “information management system” (see, for example, in) and the narrower use of the term “information system” (see below) is growing.

Information system (IS):

1) a system designed for collecting, transmitting, processing, storing and issuing information to consumers and consisting of the following main components:

• software,
• Information Support,
• technical means,
• service staff ().

2) Information system - The collection of people, procedures, and equipment designed, built, operated, and maintained to collect, record, process, store, retrieve, and display information ().

A comment.
IS is initially considered as a system indifferent to the specific goals of users, similar to an automatic telephone exchange, a general-purpose library or a station information service, which provides its information services as a subsystem or related system to a more general system: an enterprise, city, industry, country, etc. (cm. ). Let us note once again that too often IP is understood as a variety of things - from KSA to AC.

The standards contain a clear definition of the technical concept “IT system”, which is often required to be used instead of IS. So in GOST R ISO/IEC TO 10000-1-99 it is defined

Information technology system (IT system):

A set of information technology resources that provides services over one or more interfaces. (This is close to the concept of “complex of automation equipment” in the guidelines RD 50-680-88 from GOST 34, where the main provisions of this complex of normative documents are given.)

A set of automation tools for an automated system; KSA AC:

The totality of all components of the AS, with the exception of people ().

Sources(which are not named directly in the text)

1. Webster's New World Dictionary of Computer Terms, Fourth edition, 1993.
2. GOST 34.003-90. Information technology. A set of standards and guidelines for automated systems. Terms and Definitions.
3. D. Meister, J. Rabideau, Engineering-psychological assessment in the development of control systems. "Soviet Radio", M. 1970.
4. Big English-Russian Polytechnic Dictionary, M., “Russian Language”, 1991.
5. Information systems in economics: Textbook / Ed. Prof. V.V. Dick. - M.: Finance and Statistics, 1996.
6. GOST R ISO/IEC 12207-99. Information technology. Software life cycle processes. STATE STANDARD OF RUSSIA. Moscow, 1999.

Zinder Evgeniy Zakharovich,
editor-in-chief of DIS magazine, director of the analytical and design bureau "Group 24".
You can write to him at the following addresses:

There are about 100 state information systems in the Russian Federation, they are divided into federal and regional. An organization operating any of these systems is required to comply with security requirements for the data processed within it. Depending on the classification, different information systems are subject to different requirements, for non-compliance with which sanctions are applied - from a fine to more serious measures.

The operation of all information systems in the Russian Federation is determined by the Federal Law of July 27, 2006 No. 149-FZ (as amended on July 21, 2014) “On information, information technologies and information protection” (July 27, 2006). Article 14 of this law provides a detailed description of GIS. Operators of state information systems in which restricted access information is processed (not containing information constituting a state secret) are subject to the requirements set out in Order No. 17 of the FSTEC of Russia dated February 11, 2013 “On approval of requirements for the protection of information that does not constitute a state secret contained in state information systems."

Let us recall that an operator is a citizen or legal entity engaged in the operation of an information system, including the processing of information contained in its databases.

If an organization is connected to a state information system, then FSTEC Order No. 17 obliges the system to be certified, and only certified information security tools (with valid FSTEC or FSB certificates) must be used to protect information.

There are often cases when the operator of an information system mistakenly classifies it as a GIS, when it is not one. As a result, excessive security measures are applied to the system. For example, if by mistake the operator of a personal data information system classified it as state-owned, he will have to comply with more stringent requirements for the security of the information being processed than required by law. Meanwhile, the requirements for the protection of personal data information systems, which are regulated by FSTEC Order No. 21, are less stringent and do not require certification of the system.

In practice, it is not always clear whether the system to which you need to connect is state-owned, and, therefore, what measures to build information security need to be taken. Nevertheless, the plan of inspections by regulatory authorities is growing, and fines are systematically increasing.

How to distinguish GIS from non-GIS

A state information system is created when it is necessary to ensure:

• implementation of powers of government agencies;
• information exchange between government agencies;
• achieving other goals established by federal laws.

You can understand that an information system belongs to the state using the following algorithm:

1. Find out if there is a legislative act requiring the creation of an information system.
2. Check the availability of the system in the Register of Federal State Information Systems. Similar registers exist at the level of the constituent entities of the Federation.
3. Pay attention to the purpose of the system. An indirect sign of classifying a system as a GIS will be a description of the powers that it implements. For example, each administration of the Republic of Bashkortostan has its own charter, which also describes the powers of local government bodies. The IS “Registration of citizens in need of residential premises on the territory of the Republic of Bashkortostan” was created to implement such powers of administrations as “adopting and organizing the implementation of plans and programs for the comprehensive socio-economic development of the municipal region”, and is a GIS.

If the system involves the exchange of information between government agencies, it is also highly likely to be state-owned (for example, an interdepartmental electronic document management system).

This is GIS. What to do?

FSTEC Order 17 prescribes the following measures to protect information for GIS operators:

• developing requirements for the protection of information contained in the information system;
• development of an information security system for an information system;
• implementation of an information security system;
• certification of the information system according to information security requirements (hereinafter referred to as ISPD certification) and its commissioning;
• ensuring the protection of information during the operation of a certified information system;
• ensuring the protection of information during decommissioning of a certified information system or after a decision is made to terminate information processing.

Organizations that are connected to government information systems must perform the following actions:

1. Classify IP and identify security threats.

IP classification is carried out in accordance with clause 14.2 17 of the FSTEC order.

Threats to information security are determined based on the results

• assessing the capabilities of violators;
• analysis of possible information system vulnerabilities;
• analysis (or modeling) of possible ways to implement threats to information security;
• assessing the consequences of violating information security properties (confidentiality, integrity, availability).

2. Generate requirements for the information processing system.

System requirements must contain:

• the purpose and objectives of ensuring information security in the information system;
• information system security class;
• a list of regulatory legal acts, methodological documents and national standards that the information system must comply with;
• list of information system protection objects;
• requirements for measures and means of information protection used in the information system.

3. Develop an information security system for the information system.

To do this you need to do:

• designing an information security system for an information system;
• development of operational documentation for the information security system of the information system;
• prototyping and testing of the information security system of the information system.

4. Implement the information security system of the information system, namely:

• installation and configuration of information security tools in the information system;
• development of documents defining the rules and procedures implemented by the operator to ensure the protection of information in the information system during its operation (hereinafter referred to as organizational and administrative documents on information protection);
• implementation of organizational measures to protect information;
• preliminary testing of the information security system of the information system;
• trial operation of the information security system;
• checking the constructed information security system for vulnerability;
• acceptance tests of the information security system of the information system.

5. Certify ISPDn:

• conduct certification tests;
• receive a certificate of conformity.

There is a widespread belief that in order to pass an inspection by regulatory authorities, it is enough to have organizational and administrative documents, so GIS operators often neglect to implement security measures. Indeed, Roskomnadzor pays close attention to documents and the implementation of organizational and administrative measures to protect personal data in the organization. However, if questions arise, specialists from FSTEC and the FSB may be involved in the inspection. At the same time, FSTEC looks very carefully at the composition of technical information protection and checks the correctness of the threat model, and the FSB checks the implementation of requirements regarding the use of cryptographic information protection means.

Oleg Necheukhin, information systems protection expert, Kontur-Security

Information and information technologies and technical means that ensure its processing."

One of the broadest definitions of IS was given by M. R. Kogalovsky: “an information system is a complex that includes computing and communication equipment, software, linguistic tools and information resources, as well as system personnel and provides support for a dynamic information model of some part of the real world to satisfy information needs of users".

The ISO/IEC 2382-1 standard defines it as follows: “An information system is an information processing system that works in conjunction with organizational resources, such as people, hardware and financial resources, that provide and distribute information.”

Russian GOST RV 51987 defines an information system as “an automated system, the result of which is the presentation of output information for subsequent use.”

IN in the narrow sense An information system refers to only a subset of IS components in a broad sense, including databases, DBMS and specialized application programs. An IS in the narrow sense is considered as a hardware and software system designed to automate the targeted activities of end users, providing, in accordance with the processing logic embedded in it, the possibility of obtaining, modifying and storing information.

In any case, the main task of IS is to satisfy specific information needs within a specific subject area. Modern information systems are de facto unthinkable without the use of databases and DBMS, therefore the term “information system” in practice merges in meaning with the term “database system”.

Ideally, a unified corporate information system should operate within the enterprise, satisfying all existing information needs of all employees, services and departments. However, in practice, the creation of such a comprehensive IS is too difficult or even impossible, as a result of which an enterprise usually operates several different IS that solve separate groups of tasks: production management, financial and economic activities, etc. Some tasks are “covered” simultaneously by several IS, Some tasks are not automated at all. This situation is called “patchwork automation” and is quite typical for many enterprises.

Classifications of information systems

Classification by architecture

According to the degree of distribution they are distinguished:

• desktop (desktop), or local IS in which all components (DB, DBMS, client applications) are located on one computer;
• distributed (distributed) ICs in which components are distributed across several computers.

Distributed information systems, in turn, are divided into:

• file-server IS (IS with file-server architecture);
• client-server IS (IS with client-server architecture).

In file server IS, the database is located on the file server, and the DBMS and client applications are located on workstations.

In client-server IS, the database and DBMS are located on the server, and client applications are located on workstations.

In turn, client-server ISs are divided into two-link And multi-link.

Classification by degree of automation

Classification by the nature of data processing

Based on the nature of data processing, information systems are divided into:

• information and reference, or information retrieval information systems, in which there are no complex data processing algorithms, and the purpose of the system is to search and provide information in a convenient form;
• Data Processing IC, or decisive IP, in which data is processed using complex algorithms. Such systems primarily include automated control systems and decision support systems.

Classification by area of ​​application

Since ISs are created to satisfy information needs within a specific subject area, each subject area (field of application) has its own type of IS. It makes no sense to list all these types, since the number of subject areas is large, but the following types of IS can be cited as an example:

• Economic information system is an information system designed to perform management functions at an enterprise.
• Medical information system is an information system intended for use in a medical or treatment-and-prophylactic institution.
• Geographic information system - an information system that provides collection, storage, processing, access, display and dissemination of spatially coordinated data (spatial data).

Classification by task coverage (scale)

• Personal The IS is designed to solve a certain range of problems for one person.
• Group IS is focused on the collective use of information by members of a work group or unit.
• Corporate IS ideally covers all information processes of the entire enterprise, achieving their complete consistency, redundancy and transparency. Such systems are sometimes called integrated enterprise automation systems.

Notes

see also

Literature

• William S. Davis, David C. Yen The Information System Consultant's Handbook. Systems Analysis and Design. - CRC Press, 1998. - 800 pp. - ISBN 0849370019
• Kogalovsky M.R. Advanced technologies of information systems. - M.: DMK Press; IT Company, 2003. - 288 p. - ISBN 5-94074-200-9
• Kogalovsky M.R. Encyclopedia of Database Technologies. - M.: Finance and Statistics, 2002. - 800 p. - ISBN 5-279-02276-4

Wikimedia Foundation.

• 2010.

Information system Financial Dictionary - Information system (Information system) is a system for collecting, storing, processing, converting, transmitting and updating information using computer and other equipment. Thus, the elements of this system are non-material... ...

Economic-mathematical dictionary According to the definition of the Federal Law on Information, Informatization and Information Protection of January 25, 1995, an organizationally ordered set of documents (arrays of documents) and information technologies, including the use of computing tools... ...

Legal dictionary 1) an organizationally ordered set of documents (arrays of documents) and information technologies, including the use of computer technology and communications that implement information processes; 2) infrastructure, organization,… …

Dictionary of emergency situations The totality of information contained in databases and the information technologies and technical means that ensure its processing. Dictionary of business terms. Akademik.ru. 2001...

Information system Dictionary of business terms - (English information system) in the Russian Federation, an organizationally ordered set of documents (arrays of documents) and information technologies, incl. using computer technology and communications that implement information processes. IN… …

Encyclopedia of Law INFORMATION SYSTEM - an organizationally ordered set of documents (arrays of documents) and information technologies, including the use of computer technology and communications that implement information processes...

Legal encyclopedia Information system

- 2.49 information system: A system that organizes the processing of information about the subject area and its storage.

10. Information systems

1. Information systems: definition, purpose of creation, structure.

2. Basic principles of IS development

3. Classification of information systems.

4. Systems of classification and coding of economic information.

1. Information systems: definition, purpose of creation, structure.

Information- this is some information, knowledge about objects and processes of the real world. Economic information is usually displayed in the form of documents.

Document - is a material medium of information that has legal force and is drawn up in the prescribed manner.

System is a complex of interconnected means acting as a single whole. Each system is characterized by structure, input and output flows, purpose and limitations, and the law of operation.

System covers a complex of interrelated elements that act as a single whole in achieving set goals.

Each system includes components

1. The structure of the system is the set of elements of the system and the relationships between them.

2. Functions of each element of the system

3. Input and output of each element and the system as a whole.

4. Goals and limitations of the system and its individual elements (achievements: reducing costs and increasing profits)

Each system has the properties of divisibility and integrity.

IP ensures the collection, storage, and processing of information about the facility, supplying employees of various ranks with information for the implementation of management functions.

EIS is system, functioning which consists in collecting, storing, processing and disseminating information about the activities of any economic entity in the real world.

EIS are designed to solve problems of data processing, office automation, searching for information and individual tasks based on artificial intelligence methods (from lectures).

Information system (IS) is a software and hardware complex designed for automated collection, storage, processing and delivery of information. Typically, information systems deal with large volumes of information that have a fairly complex structure. Classic examples of information systems are banking systems, transport ticketing systems, etc.

IS always specializes in information from a certain area of ​​the real world: economics, technology, medicine, etc. The part of the real world displayed in the IC is called subject area . Therefore, economic IP is IP whose subject area is economics. In this sense, it acts as an information model of the subject area.

Any management system for an economic object has its own information system, called an economic information system.

Economic Information System (EIS) - these are a set of internal and external flows of direct and feedback information communication of an economic object, methods, means, specialists involved in the process of information processing and the development of management decisions.

The information system is an information service system for employees of management services and performs technological functions for the accumulation, storage, transmission and processing of information. It develops, is formed and functions in accordance with the regulations determined by the methods and structure of management activities adopted at a specific economic entity, and implements the goals and objectives facing it.

IP structure

The most common division of EIS subsystems is the separation of supporting and functional parts. The functional part is actually a model of the facility management system. In relation to control systems, a sign of structuring can be the functions of object management, according to which the EIS consists of functional subsystems. The supporting part of the EIS consists of information, technical, software, organizational, legal and other types of support.

Regardless of the characteristics, any EIS consists of functional and supporting parts. The functional part is determined by the set of tasks to be solved, identified by certain types of activities of various economic entities (by function).

The supporting part is a set of interconnected means of a certain type that ensure the functioning of the system as a whole or its individual elements. The supporting subsystems include: information support of IO, technical support of TO, mathematical support of MO, legal support of Prav.O, software software, organizational support of Org.O, technological support of Tech.O

IO is a set of a unified system for classifying and encoding information, unified documentation systems, information flow diagrams circulating in organizations, as well as a methodology for constructing a database. IO is divided into extra-machine and intra-machine.

A non-machine unified documentation system, as well as a classification and coding system for accounting information.

In-machine – documents and arrays of documents located in computer memory in the form of libraries, archives, databases, knowledge bases.

TO is a set of technical means intended for the operation of an IS, as well as the corresponding documentation for these means and technological processes.

Tech.O - focused on the selected information technology for entering, registering, transferring, processing and issuing effective information. (centralized, distributed, decentralized)

Software – includes: general system and special software products, as well as technical documentation (OS, shells, programs...)

Mat.O. – a set of mathematical methods, models, algorithms for the implementation of the goals and objectives of the IS, as well as the functioning of a complex of technical means.

Org.O is a set of methods and means that regulate the interaction of workers with technical means and with each other in the process of developing and operating an IS.

Right. – a set of legal norms that determine the creation of legal status and functioning of IP, regulating the procedure for obtaining the transformation and use of information. (from lectures)

The structure of information includes the following concepts: information space, subject area, object, object instance, object properties, interaction of objects and interaction properties. To describe a subject area means to list objects and the relationships between them, and then describe them with attributes and constituent units of information.

The structure of economic information is quite complex and can include various combinations of information sets that have a certain content. An information set is understood as a group of data characterizing an object, process, or operation. Based on their structural composition, information sets can be divided into:

requisites,

indicators,