Investigating the Effect of Implementing ISMS and ITIL on the Improvement of Information Systems and the Continuity of Information Technology Services

Article type: Research article

Authors

1 MSc in Information Technology Management, Faculty of Management and Economics, University of Sistan and Baluchestan, Zahedan, Iran

2 Assistant Professor, Faculty of Management and Economics, University of Sistan and Baluchestan, Zahedan

10.22111/jmr.2019.4751

Abstract

The present study was conducted with the aim of investigating and analyzing the factors that affect the improvement of information systems and the continuity of information technology services. Based on the research model, the effective factors of implementing the Information Security Management System (ISMS) were examined and analyzed in 9 dimensions, and the effective factors of the Information Technology Infrastructure Library (ITIL) in 5 dimensions. This research is of the descriptive-survey type. The average number of members of the statistical population was taken to be 100, comprising managers and experts in information security and IT services at public and private organizations, senior managers of companies providing management, technical, operational and educational information security services, and finally professors and experts whose activity or research is in the field of security and IT services. The sample size was calculated based on Morgan's table, and the data were collected with a questionnaire sent to 80 members of the statistical population. Cronbach's alpha coefficient and composite reliability were used to assess the reliability of the research variables; Cronbach's alpha for all variables is greater than the minimum value of 0.65. Confirmatory factor analysis was used to examine construct (convergent) validity. All values of average variance extracted are greater than 0.5, and therefore the measurement model has appropriate convergent validity. In this research, factor analysis, partial least squares and the one-sample t-test were used to test the research questions and the fit of the model. Based on the findings, the effect of implementing the Information Security Management System and the Information Technology Infrastructure Library on the improvement of information systems and IT services was confirmed, the influential factors were stated, and solutions for improving the state of organizations were presented.


Article title [English]

The Effect of the Implementation of Information Security Management System (ISMS) and Information Technology Infrastructure Library (ITIL) on the Promotion of Information Systems and Information Technology Services Continues

Authors [English]

  • Ahmad Salehi 1
  • Zahra Vazife 2
1 MSc, Information Technology Management, Faculty of Management and Economics, University of Sistan and Baluchestan, Zahedan, Iran
2 Assistant Professor, Faculty of Management and Economics, University of Sistan and Baluchestan, Zahedan, Iran
Abstract [English]

The purpose of this study was to investigate and analyze the factors affecting the upgrading of information systems and the continuity of information technology services. Based on the research model, the effective factors of implementing the Information Security Management System (ISMS) were investigated and analyzed in 9 dimensions, and the effective factors of the Information Technology Infrastructure Library (ITIL) in 5 dimensions. This research is applied and descriptive. The average number of members of the statistical community in this study was 100 people, including managers and experts in the field of information security and IT services at public and private organizations, senior managers of companies providing management, technical, operational and educational information security services, and, finally, professors and experts whose activity or research is in the field of security and IT services. The sample size was calculated based on the Cochran method, and data were collected with a questionnaire from 80 members of the statistical community. Cronbach's alpha coefficient and composite reliability were used to assess the reliability of the research variables; Cronbach's alpha coefficient of all variables is greater than the minimum value of 0.65. To verify construct (convergent) validity, confirmatory factor analysis was used. All values of average variance extracted are greater than 0.5, and therefore the measurement model has appropriate convergent validity. In this research, factor analysis, partial least squares and the one-sample t-test were used to test the research questions and the fit of the model.
Based on the findings, the impact of implementing the Information Security Management System and the Information Technology Infrastructure Library on the promotion of information systems and the continuity of information technology services was confirmed, the influential factors were stated, and strategies for improving the status of organizations were presented.
Introduction
In today's world, the most important security concerns associated with information systems include intrusion into information systems, the interruption and disruption of vital services, and the theft, alteration or destruction of information. Various approaches have been introduced to ensure information security. The Information Security Management System (ISMS) is a comprehensive approach to ensuring the information security of organizations. On the other hand, the competitive business environment and the strong dependence on information technology services have led organizations to be judged on their ability to provide services continuously. Therefore, ensuring the continuity of information technology services is one of the most important issues that a business should address. The Information Technology Infrastructure Library (ITIL) is a framework for managing, delivering services and implementing IT activities in organizations. Given the importance of the issue, the main question of this study is whether implementing the information security management system and the IT infrastructure library in an organization promotes its information systems and the continuity of its IT services.
Case study
The study covers managers and experts in the field of information security and information technology services (ITS) at governmental and private organizations in Zahedan and Mashhad that have implemented the Information Security Management System and the Information Technology Infrastructure Library; top managers of providers of management, technical, operational and educational services for information security and of advice on the implementation of (IS) and (ITS), which have been licensed by the Ministry of Communications and Information Technology (ICT); and, finally, professors, experts and researchers whose activity or research is in the field of information security and information technology services.
Materials and methods
The present research is descriptive in nature and in method, quantitative in process, and applied in terms of purpose. Data were collected using a questionnaire in Likert scale MS. For collecting information on theoretical foundations and research literature, library resources, articles, e-resources, standards and authoritative journals were used. Confirmatory factor analysis was used to verify the validity of the model, and the Kolmogorov-Smirnov test was used to test the normality of the variables. The questionnaire was then analyzed using the partial least squares (PLS) method and the one-sample t-test.
Discussion and Conclusion
A correlation coefficient was used to examine the relationship between the implementation of ISMS and ITIL and the promotion of information systems and the continuity of IT services, and the results confirmed this hypothesis. To investigate the impact of ISMS and ITIL implementation on the promotion of information systems and the continuity of IT services, the partial least squares method was used, and the impact was confirmed in all cases. According to the results of the analyses, the following indicators have the greatest impact on the upgrading of information systems and the continuity of IT services in organizations: defining goals and policies for managing service continuity; evaluating and identifying processes in the organization; prioritizing events in terms of their impact and urgency; examining all information security incidents and the reasons for their occurrence and preventing their recurrence; responding appropriately to security incidents and learning from them; defining and identifying identity information for employees to access information resources; monitoring the network and router and switch settings, and penetration testing at regular intervals; procuring and testing backup information; installing antivirus software and firewalls in the network; taking the necessary measures for the entry of authorized persons and the security of offices, rooms and facilities; and including security provisions in the design of the basic principles of configuration. The other indicators also have an impact, but less than the aforementioned factors.

Keywords [English]

  • Information Security
  • Information Security Management System
  • Information Systems
  • IT Service Continuity Management
  • Information Technology Infrastructure Library