Volume 21, Issue 1 (6-2015)
Research on Information Science and Public Libraries 2015, 21(1): 89-107 |
Back to browse issues page
Download citation:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:
BibTeX | RIS | EndNote | Medlars | ProCite | Reference Manager | RefWorks
Send citation to:
kokabi M, kohi rostami M. Information security of Web-based systems in Iran Institution of public libraries. Research on Information Science and Public Libraries 2015; 21 (1) :89-107
URL: http://publij.ir/article-1-1077-en.html
URL: http://publij.ir/article-1-1077-en.html
, kokabi80@yahoo.com
Abstract: (8505 Views)
Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF).
Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IPLF. Four web-based systems of IPLF evaluated. Evaluation criteria includes: Security Policy; Organization of information security; Asset management; human resources security; physical and environmental security; communications and operations management; access control; Information systems acquisition, development and maintenance; Information security incident management; business continuity management, and compliance.
Findings: Results show that security level of "Reading grid system" and "my book system" with an average of 0/68 was high. Security level of “Payam Mashregh system” and “Farzin statistical system” with an average of 0/60 and 0/53 was middle. Indicators such as "business continuity management", “prepare, develop and maintain information systems' strongest points”, “information security policy” and “information security organization” are among the most vulnerable areas of information security systems of IPLF And there were significant differences between viewpoints of experts about indicators of Information Security systems of IPLF.
Originality/value: We designed a systematic approach for the immunization of data exchange environment by evaluating web-based systems of IPLF by some criteria derived from accepted information security management standards. This article identified the strengths and vulnerabilities of the mentioned systems.
Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IPLF. Four web-based systems of IPLF evaluated. Evaluation criteria includes: Security Policy; Organization of information security; Asset management; human resources security; physical and environmental security; communications and operations management; access control; Information systems acquisition, development and maintenance; Information security incident management; business continuity management, and compliance.
Findings: Results show that security level of "Reading grid system" and "my book system" with an average of 0/68 was high. Security level of “Payam Mashregh system” and “Farzin statistical system” with an average of 0/60 and 0/53 was middle. Indicators such as "business continuity management", “prepare, develop and maintain information systems' strongest points”, “information security policy” and “information security organization” are among the most vulnerable areas of information security systems of IPLF And there were significant differences between viewpoints of experts about indicators of Information Security systems of IPLF.
Originality/value: We designed a systematic approach for the immunization of data exchange environment by evaluating web-based systems of IPLF by some criteria derived from accepted information security management standards. This article identified the strengths and vulnerabilities of the mentioned systems.
Keywords: information security, standard ISO / IEC 27002, web based systems, Iran Public Libraries Foundation
Type of Study: quantitative |
Subject:
Child and Adolescent Studies
Received: 2014/02/23 | Accepted: 2015/06/6 | Published: 2015/06/6
Received: 2014/02/23 | Accepted: 2015/06/6 | Published: 2015/06/6
Send email to the article author
| Rights and permissions | |
 |
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License. |
