Identification of Information Security Management Factors

Hamed H. Dadmarz
DOI: 10.4018/978-1-5225-7086-8.ch009

Abstract

Given the important role of information in organizations, appropriate management is required to maintain its security. The information security management system (ISMS) is part of an organization's general management system and, based on a business risk approach, aims to establish, implement, use, monitor, revise, maintain, and improve security in a way that protects information and minimizes unauthorized access. The main objective of this chapter is to identify factors and indicators of information security based on the information management system. For this purpose, after reviewing the literature and gathering the opinions of 30 experts, a conceptual framework for public organizations is proposed that includes information security management factors such as financial, technical, operation and communication, human resources, data and information classification, environmental and physical, and managerial.
Chapter Preview

Review Of Literature

ISMS includes processes such as evaluating, analyzing, and coping with risks, exchanging information with stakeholders, and monitoring and reviewing the whole system. This gives managers and specialists of organizations the opportunity to employ a formulated system with clear, repeatable processes for making appropriate decisions according to their internal, environmental and contingent conditions, and to incur costs appropriate to the importance and extent of the identified risks in each area. In other words, the ISMS provides the organization with a rational and economic justification for all its costs and, instead of ambiguous decisions based on individual preferences, gives it a systematic decision-making approach that reduces weaknesses and security hazards.

Table 1 describes sources of risks.
