Open AccessReview the implementation of information security management system requirements in hospitals of Tabriz in East Azarbaijan
Author(s) -
Nahid Beirami,
Naser Modiri,
Abbas Toloie Eshlaghi
Publication year - 2019
Publication title -
journal of management and accounting studies
Language(s) - English
Resource type - Journals
ISSN - 2693-8448
DOI - 10.24200/jmas.vol4iss01pp72-77
Subject(s) - information security management system , itil security management , information security management , computer science , information security , security information and event management , asset (computer security) , computer security , risk analysis (engineering) , information system , security service , process management , knowledge management , cloud computing security , business , engineering , cloud computing , network security policy , electrical engineering , operating system
The purpose of this study was to investigate and analyze the assumptions and requirements for the implementation of Information Security Management System (ISMS). Methodology: To check assumptions security management system implementation is the population of Tabriz hospitals. Review the requirements and assumptions are based on the standard ISO / IEC 27001, ISO / IEC 27002 test target setting and ISO 27001 standard questionnaire containing 33 questions in 11 control is used. The data were analyzed using descriptive and inferential statistical method that factors in the implementation of information security management system was confirmed. As well as to identify factors contributing to the implementation of information security management system and factor analysis, structural equation model was used PLS smart software that based on its findings to impact and indirect aspects of implementation effectiveness of the system. Results: Using the software, smart-PLS and using structural equation modeling confirmatory factor analysis was performed to measure the test of convergent validity, divergent validity, reliability Security and reliability of observable variables and quality test and measurement model of the 101 comments experts, all the prerequisites and requirements, including information security policy, the organization of information security, asset management, human resources in terms of security, physical and environmental security, communications and operations management, access control, use, development and maintenance, incident management information security, business continuity management and compliance with laws in secure level at %99 is forecast in Tabriz hospitals are effective information security management system. Conclusion: According to prioritize the factors affecting information security management system, operating (after) the most monitors and agents (after) the supply and implementation of information security management system least affected are in Tabriz hospitals.