A Conceptual Framework for Securing Information Systems in Organizations Based on Methasynthesis Approach
Security of information systems is a critical issue that many organizations facing today, and includes three dimensions of human, technical and process. There are also some technical attitudes and approaches in most studies in this area. The purpose of this study is to provide a new model that addresses the security requirements for dealing with threats and fixing vulnerabilities in all three dimensions. Therefore, 255 articles were reviewed using the above-mentioned approach. After evaluation, 76 articles were approved for final examination and extraction of codes. Of these articles, 47 threats in 8 categories; 31 vulnerabilities in 8 floors; 15 human requirements; 34 technical requirements in 7 general categories and 17 process requirements. Finally, security requirements for dealing with each threat and fixing the vulnerabilities were selected and presented as a comprehensive framework. The greatest number of threats related to criminal activities / abuses and the lowest frequency is for human challenges. Among vulnerabilities, the highest frequency is related to the occurrence of criminal activity / abuse and the lowest frequency is related to weakness in failure / failure control. The most important human requirement is the development and implementation of training programs in the field of information security, the most technical requirements related to Information security mechanisms and systems, and the most important requirement is for the process of drafting laws, guidelines, instructions and Security requirements of information systems in the organization.
پرداخت حق اشتراک به معنای پذیرش "شرایط خدمات" پایگاه مگیران از سوی شماست.
اگر عضو مگیران هستید:
اگر مقاله ای از شما در مگیران نمایه شده، برای استفاده از اعتبار اهدایی سامانه نویسندگان با ایمیل منتشرشده ثبت نام کنید. ثبت نام
- حق عضویت دریافتی صرف حمایت از نشریات عضو و نگهداری، تکمیل و توسعه مگیران میشود.
- پرداخت حق اشتراک و دانلود مقالات اجازه بازنشر آن در سایر رسانههای چاپی و دیجیتال را به کاربر نمیدهد.