Define all expected user types, including:
- General information system users
- External business partners
- External users/customers
- System administrators (manage infrastructures)
- Application administrators (manage web application and APIs)
For each user type, identify:
- Where the user will be accessing the information system:
- Internal network
- VPN
- Internet
- Identify the client software utilized by each class of users:
- Is the application a web application/browser-based?
- Does the application require a thick client?
- Identify any specific client access requirements.
- IP addresses
- URLs
- TCP ports
The following is an example of a completed user type collection form where you have identified the user type and the mechanisms used to provide access to the underlying information system:
|
User type |
Access type |
Client software |
IP address |
TCP port |
URL |
|
General user |
Internal network |
Web browser |
N/A |
N/A |
https://thewebapp |
|
External business partner |
Internet |
Web browser |
N/A |
N/A |
https://thewebapp |
|
Customers |
Internet |
Web browser |
N/A |
N/A |
https://thewebapp |
|
System administrator |
VPN |
Windows operating system tools |
10.0.0.1 |
42 |
N/A |
|
Application administrator |
Internal network |
Thick client |
10.0.0.2 |
24 |
N/A |