Mohsen Shafiei Nikabadi; Samane. Toghi; Amir Hakaki
Abstract
The study conducted with aim of ranking each aspect of information security risk management. At the first stage, the dimensions and characteristics of each have been identified based on the research literature and expert opinions. In order to rank the factors under study using a hybrid approach using ...
Read More
The study conducted with aim of ranking each aspect of information security risk management. At the first stage, the dimensions and characteristics of each have been identified based on the research literature and expert opinions. In order to rank the factors under study using a hybrid approach using FEMA and Gray theory, 50 questionnaires collected among IT, soft ware, and network experts that choosed based on researchers’ judgement and accessible one. According to the results, the security of communications was ranked first. Infrastructure of hard ware and network, human factors, security management, access to information and systems and the development of secure information systems were ranked second to sixth, respectively.Therefore, it is recommended that organizations set up an independent security department within the organization. Also, providing a list of all the information assets of the organization and specifying control and strategic goals in the area of information security in the organization can be useful for organizations. Moreover, if the organization has several branches and need internet connection, preferably communications are available as VPN. In addition, if organizations have web automation for outside usage, the site should be licensed with SSL and https protocol.
, Reza Yousefi Zenouz; Seyed Sajjad Najafi esfahani; , Ebrahim Koulivand
Abstract
While electronic government could help the development of the country and also boost the security and decrease the corruption, but, at the same time it can prepare an infrastructure for other types of crimes and facilitate some type of corruptions. This paper attempts to identify and prioritize the security ...
Read More
While electronic government could help the development of the country and also boost the security and decrease the corruption, but, at the same time it can prepare an infrastructure for other types of crimes and facilitate some type of corruptions. This paper attempts to identify and prioritize the security features and necessities that Government Service Bus(GSB) should have as an electronic government infrastructure. Afterwards vast literature review and interview with the designers and users of this system, the security requirements of different stakeholders were identified. After that by content analysis, these requirements were refined and codified. Three categories of requirements are strategic,, technical and legal or national security requirements. Then adopting Kano model and quality function deployment (QFD) the requirements were processed and prioritized. The results and findings of this research showed that GSB is better than other systems like peer to peer(P2P) and physical document interchange and outperformed them in all dimensions. The main concern of all of respondents and experts were in the area of security. They are unanimous that security framework and standards of the system should be developed and implemented. This also emphasizes the importance of this type of researches.
zahra vazife; Mohammad Mahdi; Nadia Vakili
Abstract
Today, information plays the role of capital of the organization and the protection of corporate information is one of the important pillars of its survival. On the other hand, security issues and barriers are one of the most important issues in the field of information systems. For a long time, security ...
Read More
Today, information plays the role of capital of the organization and the protection of corporate information is one of the important pillars of its survival. On the other hand, security issues and barriers are one of the most important issues in the field of information systems. For a long time, security was considered as one of the main components of information technology infrastructure. This study is an applied research in which meta-synthesis approach has been used for analysis. This research has been carried out using a meta-synthesis approach with a thorough and in-depth review of the subject and combines the findings of qualitative and quantitative research. In this regard, 118 articles on information security and information systems management were evaluated and 55 articles were selected. Then, by analyzing content analysis the relevant dimensions and codes were extracted and the importance and priority of each dimension was determined using Shannon entropy. Based on the findings of the research, knowledge about the value of information, the ability to retrieve information, the correct use of resources, and the coexistence of information and software has the highest importance among the 10 dimensions. Finally, following the research steps, a model for determining and deploying an effective information security management system was presented in three layers of identification, implementation structure, and design of the support system of the information security management system.
Alireza Peykam; Khodakaram Salimifard
Abstract
Security of information systems as a new area of information technology is of a great importance in creating confidence and growth in the use of information systems. Although in recent years many researchers and IT experts have focused on the technical aspects of security, but less attention has been ...
Read More
Security of information systems as a new area of information technology is of a great importance in creating confidence and growth in the use of information systems. Although in recent years many researchers and IT experts have focused on the technical aspects of security, but less attention has been paid to its organizational and managerial aspects. To investigate the factors affecting on the creating and maintaining of security of information systems, this study identifies the inter-organizational factors. Then, by designing a questionnaire and using Fuzzy Analytic Hierarchical Process (FAHP) technique, the weights and ranks of factors are calculated. The results show that human factor is the most important inter-organizational factor that influences information systems security. Also, the lack of information about the value and importance of information is identified as the most important sub factor.