Morteza Kokabi, Mansor Kohi Rostami
Volume 21, Issue 1 (6-2015)
Abstract
Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF).
Methodology: A survey method was used. The data collection tool was a questionnaire based on the ISO/IEC 27002 standard, with eleven indicators and 79 sub-criteria, which examines the security of the web-based information systems of IPLF. Four web-based systems of IPLF were evaluated. The evaluation criteria include: security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition, development and maintenance; information security incident management; business continuity management; and compliance.
Findings: Results show that the security level of the "Reading grid system" and "my book system", with an average of 0/68, was high. The security level of the "Payam Mashregh system" and "Farzin statistical system", with averages of 0/60 and 0/53, was medium. Indicators such as "business continuity management", "prepare, develop and maintain information systems' strongest points", "information security policy" and "information security organization" are among the most vulnerable areas of the information security systems of IPLF. There were significant differences between experts' viewpoints on the indicators of the information security systems of IPLF.
Originality/value: We designed a systematic approach for the immunization of the data exchange environment by evaluating the web-based systems of IPLF against criteria derived from accepted information security management standards. This article identified the strengths and vulnerabilities of these systems.
Mehdi Rahmani
Volume 28, Issue 3 (11-2022)
Abstract
Purpose: The purpose of this research is to analyze the privacy statements of the top public libraries based on the ranking of public libraries by the American Library Association and to present a user privacy statement for Iran’s public libraries.
Method: The current research is applied in terms of purpose and mixed in terms of method, using library, Delphi, and descriptive survey methods. To answer the research questions, the websites of the public libraries under review were first visited and their privacy statements or information confidentiality statements (if any) were extracted. In the second step, the libraries that had a privacy statement in the first step were identified, their statements were examined, and the basic principles common to most libraries were extracted. Next, a list of the various information collected by the libraries from users (based on the main criteria of the users' privacy statement) was prepared. Using the Delphi method, this list was provided to 12 librarians and public library specialists who were selected by snowball sampling. In this way, the main information provided to the libraries by users and the reports of users' performance produced by library systems were determined. In the last step, according to the obtained results, the privacy statements of the users' information were compiled based on the extracted information.
Findings: The findings showed that out of the 25 libraries examined, 24 libraries had provided user privacy statements on their website. Furthermore, the results indicated that the statement of the Chicago Public Library was the most comprehensive statement, and among the factors mentioned, the discussion of the library’s strategies regarding the use of records of the library systems, the records related to the user profile of the library users, and the reasons for presenting and publishing the users’ information were the most frequent. Finally, the main sections that should be included in the users’ privacy statement were presented, and strategies for public libraries in providing user privacy statements were suggested.
Originality/value: The results of the research showed the importance of the existence of the user privacy statement in the top public libraries, and finally, the basic principles proposed for the user privacy statement in public libraries were presented and 30 strategies were suggested to prepare a privacy statement for public libraries.