Concept Taxonomy — Information Systems

The 580 concepts in this learning graph are organized into 24 taxonomic categories. Each category groups concepts that share a pedagogical role and that students typically learn together.

Categories

Foundation Concepts (FOUND)

The bedrock vocabulary every IS student must hold before any other topic makes sense — what an information system is, the relationship between data, information, and knowledge, the components (hardware, software, network, user, process, organization), and the framing of IS as a sociotechnical and ABET-aligned discipline.

Role of IS in Organizations (ROLE)

The strategic, governance, and human side of IS — value chains, competitive advantage, IT governance frameworks (COBIT, ITIL), executive roles (CIO, CTO, CDO, CISO), professional ethics, and the IS-organization-vendor relationship.

Information Systems Architecture (ARCH)

How IS components are organized — application portfolios, three- and n-tier architectures, enterprise architecture frameworks (TOGAF, Zachman), integration patterns, SOA, microservices, event-driven designs, and the API economy.

Application Development (APPDEV)

The practice of building IS applications — SDLC variants, agile and Scrum mechanics, requirements engineering, version control, CI/CD, code review, low-code/no-code, and technical debt.

Data and Information Management (DATA)

Core data discipline — data modeling, normalization, SQL, transactions, ACID, plus the six database categories the modern IS professional must select among (Relational/SQL, Analytical/OLAP, Key-Value, Column-Family, Graph, Document/JSON+XML), data warehousing, lakes, and lakehouses.

Data Governance and Quality (DATAGOV)

Data integration and stewardship — ETL/ELT, data pipelines, master data management, data quality, lineage, catalogs, governance councils, DAMA DMBOK, data mesh, and data products.

Business Intelligence and Analytics (BI)

Turning data into decisions — descriptive/diagnostic/predictive/prescriptive analytics, KPIs, dashboards, OLAP cubes, BI platforms (Power BI, Tableau), data visualization, and decision support systems.

Enterprise Systems (ENT)

Packaged business applications — ERP, CRM, SCM, HRIS, payroll, talent management, configuration vs. customization, rollout strategies, and the implementation-partner ecosystem.

Networks and Telecommunications for Business (NET)

Networking at a managerial level — LAN/WAN/Internet, VPN, SD-WAN, capacity planning, latency and throughput, SLAs, cloud connectivity, network monitoring, and telecom procurement.

Cloud Computing (CLOUD)

Cloud service and deployment models — IaaS, PaaS, SaaS, FaaS, public/private/hybrid/multi-cloud, cost models, FinOps, containers, Kubernetes, and migration strategies.

Security of Information Assets (SEC)

Securing IS — CIA triad, AAA, identity and access management (MFA, SSO, SAML, OAuth, OIDC), RBAC/ABAC, zero trust, encryption, PKI, security frameworks (NIST CSF, ISO 27001, CIS), threat modeling, and incident response.

Privacy, Compliance, and Regulation (PRIV)

The legal and ethical envelope around data — GDPR, CCPA/CPRA, HIPAA, SOX, PCI-DSS, data subject rights, privacy by design, cross-border transfer, breach notification, and privacy engineering.

IS Project Management (PM)

Planning and running IS projects — charters, scope, WBS, schedules, the project triangle, risk and change management, PMBOK and PRINCE2, agile/waterfall/hybrid, EVM, and PMOs.

Business Process Management (BPM)

Modeling and improving organizational work — BPMN notation, as-is/to-be analysis, process reengineering, Lean and Six Sigma, RPA, process mining, and business rules engines.

Systems Analysis and Design (SAD)

The classical IS analyst toolkit — feasibility studies, use cases, UML diagrams, prototyping, RFP processes, vendor evaluation, and testing/cutover practices.

Human-Computer Interaction (HCI)

Designing IS interfaces for real users — usability heuristics, accessibility (WCAG), user research, personas, journey maps, information architecture, and responsive/inclusive design.

IT Service Management (ITSM)

Operating IS in production — ITIL service lifecycle, incident/problem/change management, CMDB, service catalogs, SLAs/OLAs, help desk operations, observability, SLOs/SLIs, and on-call/postmortem culture.

AI in Information Systems (AIIS)

The AI capability layer of modern IS — predictive ML, generative AI, LLMs, foundation models, prompt engineering, RAG, vector databases, AI agents, AI capabilities embedded in ERP/CRM/ITSM, model APIs, model and system cards, hallucination, grounding, and human-in-the-loop design.

Responsible and Ethical AI (RAI)

Governing AI in the enterprise — NIST AI RMF (Govern/Map/Measure/Manage), ISO/IEC 42001, bias and fairness, explainability, transparency, AI acceptable-use policies, sanctioned-model lists, shadow AI, AI incident management, AI inventory, and trustworthy-AI principles.

AI Law and Regulation (AILAW)

The legal landscape for AI in IS — EU AI Act risk tiers, US AI executive orders, Colorado AI Act, NYC AEDT law, sectoral overlays (HIPAA + AI, ECOA + AI, FERPA + AI), copyright and training-data provenance, AI procurement clauses, and right-to-explanation rules.

AI and Information Security (AISEC)

AI-specific threats and defenses — prompt injection, jailbreaking, training-data poisoning, model inversion and exfiltration, OWASP LLM Top 10, MITRE ATLAS, secure AI SDLC, AI red-teaming, defensive AI in the SOC, and privacy-preserving ML (federated learning, differential privacy).

AI Productivity Impact (AIPROD)

How AI is reshaping IS work — AI in the help desk (ticket routing, virtual agents, KB copilots, deflection metrics), AI in application development (code completion, test generation, code review), AIOps, AI in business analysis and project management, productivity measurement, and workforce-transition planning.

Knowledge Graphs and Enterprise Nervous System (KGENS)

The semantic and event-driven backbone of the AI-ready enterprise — labeled property graphs, ontologies, Cypher and GQL, graph databases (Neo4j, Neptune, TigerGraph, Memgraph), entity resolution, Enterprise Knowledge Graphs, GraphRAG, and the Enterprise Nervous System pattern (event sources, streaming platforms, complex event processing, rule and policy engines, sense-and-respond loops, real-time decisioning on external signals).

Emerging Topics (EMRG)

Forward-looking themes that round out the modern IS curriculum — sustainable and circular IT, data mesh, post-quantum cryptography, edge computing, digital twins, Industry 4.0, and the AI-native organization.