What is an "information system" to you? The newly-updated ISO 9000:2026 defines it as "Network of communication channels used within an organization" - an unusual and intriguing perspective, presumably expressed that way to suit the specific context of the Quality Assurance standards?

Hmmmmm, I'm not sure. That (to me) rather curious definition of "information system" has caught my beady eye and left me quietly pondering, for days so far.

The ISO 9000 definition set me wondering about the terms "information", "system", "network", "communication", "channel", "use" and "organization", just in that one example.

"Network", for instance, usually refers to some sort of computer network (of which there are several - LAN, WAN, PAN, HAN, digital, Internet ...) but could equally refer to a social network, an electrical/electronic network, a commercial network, a neural network, a mathematical network or something else entirely.

Likewise with "system" and those other words in the definition: they all have distinct meanings in various contexts.

In the information security management context, for instance, ISO/IEC 27000 defines "information system" as "set of applications, services, information technology assets, or other information-handling components". At face value, that IT-centric definition has little in common with the ISO 9000 version. It is a completely different set of words (well, OK, apart from "of"!).

Context-related terms such as "system", "network" and "technology" fascinate me as I update the Cybersecurity Hyperglossary. Aside from distilling the definitions down to the essentials (as in a dictionary), I'm conscious of differing interpretations and implications in various aspects of cybersecurity (another rich and complex term!). I am also well aware of my own limitations. Despite having been immersed in the field for four decades, always reading and constantly on the lookout for shiny new things, my knowledge is finite, my memory unreliable, my experience and understanding personal. I'm definitely not a know-it-all, still learning every day.

I presume the international experts responsible for ISO 9000 debated and agreed on that specific definition. It is one of about 30 definitions for "information system" in about 30 ISO standards, plus about 300 variant terms (such as "farm management information system") for specific contexts, according to ISO's Online Browsing Platform. Likewise, there are scores of ISO definitions for commonplace terms such as "system", "network" and "technology".

The hyperglossary format shines here. Terms that are common or core to cybersecurity naturally pop up repeatedly* in numerous definitions, each time hyperlinked to their respective entries and definitions. As well as "information technology", for instance, "communications" and "operational technologies" are defined, plus other less common technologies.

To see how it works if you don't (yet!) own a copy of the hyperglossary, take a look at the 'A' chapter sampler ...

* I've just checked. My working copy of the Cybersecurity Hyperglossary manuscript has just under 50,000 internal hyperlinked cross-references - 50k! - plus another ~500 hyperlinks to Internet sources. Roughly 1 in 6 words is hyperlinked - a rich tapestry indeed ... and, yes, I suppose you could call it an "information system", though I prefer "book".