Has your organization compliance with ISMS? A case study in an Iranian Bank
Mahsa Mohseni

TL;DR
This study develops a model to evaluate organizational compliance with ISMS standards by analyzing industry standards and expert interviews, applied in an Iranian bank to identify compliance gaps.
Contribution
The paper introduces a novel model for assessing ISMS compliance based on industry standards and expert insights, tested in a real banking environment.
Findings
Identified key factors affecting ISMS compliance.
Quantified compliance levels in the case bank.
Ranked factors influencing security standards adherence.
Abstract
The purpose of this study is to propose a model for determining the gaps between the requirements of security standards and the reality of ISMS implementation. The research approach analyzes the various industry standards relevant to information security, together with responses gained from interviewing 45 IT professionals and information security experts (chosen by targeted sampling), in order to develop a model comprising factors and subfactors that assesses compliance with ISMS (Information Security Management System) in organizations. A binomial test was used for hypothesis testing, and a Friedman test was used to rank the factors and subfactors. The model was tested in a bank, and the degree of compliance with ISMS was calculated.
Taxonomy
Topics: Information and Cyber Security
