The Management Model of Information Technology Security Based on Professional Ethics Policies of Employees

Background & Every organization should create a kind of information security management system according to the level of information in order to be able to identify and manage the information risks of the organization and the protection of information assets. Hence, in the current research, the design of the IT security management model with the approach of the professional ethics policies of the employees is discussed. The current research is an applied and developmental research and in terms of its nature, it is an exploratory research. This research was conducted using qualitative research method and thematic analysis strategy. In this research, field method and interview tools were used to collect data. Hence, 12 semi-structured interviews with chain sampling method (snowball) were conducted until reaching theoretical saturation with two groups of scientific and academic experts and executive experts. After implementing the text of the interviews in the Maxqda software, through the theme analysis technique based on  Attride-Stirling approach, the research data were analyzed in three stages of basic, organizing and comprehensive themes. Based on the data analysis, the research findings were organized into 6 overarching themes of professional ethics, commitment and responsibility, creativity and innovation, human resource management, human resource performance and organization structure, and 24 organizing themes and 244 basic themes. The protection of organizational information requires a determined and persistent management, and proper monitoring can control possible unethical aspects and help ensure the security of information technology. Ethical behavior of employees is very important in the field of information technology security. If employees do not follow the policies and ethical principles, it may lead to data or systems security breaches. Behavioral monitoring can remind employees of the policy and put them on the correct behavioral path.