New communication methods expose the disadvantages of existing security models in identifying threats and challenges to the infrastructure of new technologies. To solve this problem, a new information security management model is required to meet today's security challenges. This new model aims to protect business information systems and to secure operating environments within organizations. Efficient use of this model depends on the alignment of an organization's information security architecture with other organizational architectures such as business, information, and communication infrastructure. In this research, I aim to present a model for implementing an information security management system that has the following characteristics:
- To be based on the organization’s business and to align information security with the organization’s business goals.
- To be independent of the environment, size, and culture of the organization, and to be implementable in any environment.
- To be independent of any specific technology, and to be implementable in all industries and regulatory systems.
- To be capable of supporting all information security related standards.
To develop this model, various relevant models in this field were analyzed. In addition, the criteria for setting information security goals, the challenges to implementing the information security management system, and the key factors contributing to a successful implementation of the system and the accomplishment of goals in different organizations were identified. Finally, by integrating these two, the resulting model not only has all the positive points of existing models but can also meet all the information security goals of the organization.
According to the proposed model, the information security management system is implemented in six phases, in order: Preparation, Project definition, Design, Development, Monitoring, and Improvement. The first two phases of this model take place prior to implementation. The next four phases, which are based on the Deming cycle and are analyzed in this paper, deal with implementation.