Journal of Management Information and Decision Sciences (Print ISSN: 1524-7252; Online ISSN: 1532-5806)

Abstract

Diagnosing the Current Information Systems Security Department in the Information Technology Department According to the International Standard (ISO / IEC 27001: 2013)

Author(s): Nagham Ali Jassim, Basmal Abdel Moneim Al-Zahir, A Hamad Makki Khazraji

IT systems and information networks are vulnerable to threats arising from breaches of, or attempts to obtain, the data, reports, records and files containing information that is available to designated persons in the Ministry of the Interior. This is because of the inherent specificity of that information in relation to the work and the concern over attempted destruction by the authorities that aim to misuse the information. The importance of the research stems from the importance of applying the standard, because protecting information means protecting the human resources of the Ministry of the Interior and all those who work with this information. It also guards against loss and damage, and against access to the information by any person seeking to benefit from it with the aim of disrupting order or committing sabotage. The information must therefore be managed with the best protection methods adopted globally. The research aims to diagnose the gap between the information security system in the department and the international standard (ISO/IEC 27001:2013). It also aims to identify the gap using the Likert Sibai scale. The largest gap was found in the leadership requirement, at about 49% (with a matching rate of 51%), due to the lack of an established information security policy in the section.
