پژوهش‌های مدیریت عمومی (May 2019)

The Effect of the Implementation of Information Security Management System (ISMS) and Information Technology Infrastructure Library (ITIL) on the Promotion of Information Systems and Information Technology Services Continues

  • Ahmad Salehi,
  • Zahra Vazife

DOI
https://doi.org/10.22111/jmr.2019.4751
Journal volume & issue
Vol. 12, no. 43
pp. 225 – 249

Abstract

Read online

Abstract The purpose of this study was to investigate and analyze the factors affecting the upgrading of information systems and the continues of information technology services. Based on model, this research effective factors of implementation of Information Security Management System (ISMS) are 9 dimensions and effective factors of Information Technology Infrastructure Library (ITIL) are 5 dimensions were investigated and analyzed. This research is orientated, applied and descriptive .The average number of members of the statistical community in this study was 100 people, including managers and experts in the field of information security and IT services, public and private organizations, senior managers of companies providing management, technical, operational and educational services Information security and, ultimately, professors and experts with the field of activity or research in the field of security and IT services. The sample size was calculated based on Cochran method and data was collected by using a questionnaire tool for 80 members of the statistical community. For reliability of research variables, Cronbach's alpha coefficient and composite reliability have been used. Cronbach's alpha coefficient of all variables is greater than the minimum value of 0.65. To verify the construct validity (convergent), a confirmatory factor analysis was used. All mean values of extracted variance are more than 0.5, and therefore, the model of measurement has an appropriate convergent validity. In this research, factor analysis, partial least squares and one-sample t-test were used to test the questions and fitness of the model. Based on the findings, the impact of the implementation of Information Security Management System and Information Technology Infrastructure Libraryon the promotion of information systems and the continuity of information technology services were confirmed and effective factors of expression and strategies for improving the status of organizations were presented. Introduction In today's world, the most important security concerns associated with information systems include the infiltration of information systems, the interruption and disruption of vital services, and theft, alteration or destruction of information. Approaches have been introduced to ensure information security. The Information Security Management System (ISMS) is a comprehensive approach to ensuring information security of organizations. On the other hand, the competitive business environment and the strong dependence on information technology services have led organizations to be judged on the basis of the ability to continuously and continuously provide services. Therefore, ensuring the continuity of information technology services is one of the most important issues that should be addressed in the business. The Information Technology Infrastructure Library (ITIL) is a framework for managing, delivering service and implementing IT activities in organizations. So, given the importance of the issue, the main question we are looking for in this study is whether the implementation of the information security management system and the IT infrastructure library in an organization promotes the information systems and the continuation of IT services? Case study Managers and experts in the field of information security and (ITS) Information technology services are governmental and private organizations that have implemented the Information Security Management System and the Information Technology Infrastructure Library in Zahedan and Mashhad. Top Managers of Providers of Management, Technical, Operational, and Educational Services for Information Security and Advice on the Implementation of the (IS) and (ITS) which have been licensed by the Ministry of Communications and Information Technology (ICT). Ultimately, professors, experts, and researchers are in the field of activity or research in the field of information security and information technology services. Materials and methods The present research is descriptive in nature and descriptive in terms of method, quantitative and in process and applied in term of purpose. Data collection was done by using a questionnaire in Lekert scale MS. For collecting information on theoretical foundations and research literature, library resources, articles, e-resources, standards and authoritative journals have been used. To verify the validity of the model, a confirmatory factor analysis and Kolmogorov-Smirnov test were used to test the normal variables. Then, using the partial least squares method (PLS) and single sample t-test, the questionnaire has been studied. Discussion and Conclusion A correlation coefficient was used to confirm the relationship between the implementation of ISMS and ITIL in promotion information systems and the continuity of IT services, which was confirmed by the results of this hypothesis. Also, to investigate the impact of ISMS and ITIL implementation on the promotion of information systems and the continuity of IT services, partial least squares method was used, which was confirmed in all cases. According to the results of the analyzes, indicators such as defining goals and policies for managing service continuity, evaluating and identifying processes in the organization, prioritizing events in terms of its impact and urgencies, examining all information security incidents and the reasons for the occurrence And prevent it from re-establishing it; responding appropriately and learning about security incidents; defining and identifying identity information for employees to access information resources; monitoring network, router settings, switch and penetration testing at regular intervals; procurement and testing Backup information; Install antivirus and firewalls in the network; Take the necessary measures entry of authorized persons and the security of offices, rooms and facilities; the inclusion of security provisions in the design of the basic principles of configuration. It has the greatest impact on the upgrading of information systems and the continuity of IT services in organizations, and other indicators also have an impact but are less than socalled factors.

Keywords