Skip to main content

Technical context of an information system

Find the technical context of an information system to get a basic understanding of its current security position — this way, you can know whether a change makes that position better or worse.

Stakeholders for the technical context

For the information system that you’re assessing for risk, you’ll need to meet with its technical stakeholders. Depending on the roles in your organisation, these could be:

  • the service or technical owner — or their nominated delegate
  • enterprise or solution architects
  • subject matter experts
  • development and operations (DevOps) teams.

Make sure all the relevant stakeholders are involved and that everyone is on board with setting up a successful risk assessment.

Setting up a successful risk assessment

Technical context for public cloud services

Risk assessments for public cloud services focus on internal and external risks — as defined by the International Organization for Standardization (ISO). Technical stakeholders can help you to identify, quantify and treat these risks.

Risk management — Guidelines — ISO 31000:2018

Aspects of legacy-system technical contexts

When meeting with technical stakeholders about a self-hosted, legacy information system, focus on identifying its:

  • logical architecture
  • system components.

Logical architecture

Views of the system and component levels for an information system. These should include the:

  • security domains where system components are located
  • system interfaces and information flows — where and how data is stored, transmitted and processed.

Stakeholders responsible for the logical architecture

Responsible for identifying the information system’s components and defining its boundaries are the:

  • service owner — or their nominated delegate
  • enterprise or solution architect.

System components

The hardware and software components that make up the information system. List all direct and indirect components, such as:

  • servers
  • switches
  • firewalls
  • operating systems
  • applications
  • databases.

Stakeholders responsible for the system components

Subject matter experts in the organisation’s information and communications technology (ICT) are responsible for the ongoing support and maintenance of the information system.

Utility links and page information

Was this page helpful?
Thanks, do you want to tell us more?

Do not enter personal information. All fields are optional.

Last updated