Identifying and Prioritizing the Effective Factors of the Information Networks Security of Sistan and Baluchestan Province Prisons

Abstract
The existence of information technology (IT) system, nowadays, does not guarantee appropriate outcomes for organizations, unless they ascertained their information security protocols and procedures are well-designed and their IT assets are protected from external and internal threats. The purpose of the present study is to identify and prioritize the factors which are influential in the security of the information networks of prisons of Sistan and Baluchestan (S&B) province. To this end, first a list of important criteria was compiled. Then, the effective factors of the security of electronic information networks of Prison Directorate General of S&B were identified by filling out a questionnaire. The population of the study were experts, specialists and university professors who were fully acquainted with the concept of IT network security. Since the statistical community was limited, there was no need for sampling. The criteria were then weighted and ranked using fuzzy analytical hierarchy process (AHP). The results of the study indicated that the field of infrastructure, content and application are of the highest importance from the perspectives of policy makers and prison governors.
Introduction
Some institutions and organizations have more important information from this regard, information security is more important for them. The General Directorate of Prisons in Sistan and Baluchestan Province has vital information resources, the loss of which and its leakage can cause great harm and violate the privacy and dignity of individuals; For example, CCTV images that may provide valuable information to abusers inside and outside the organization. The organization has an independent workgroup for information technology management, in which the number of experts with related education is more than ten. In this sub office, there are software systems: accounting and finance, warehousing, salaries and property, secretariat, administrative correspondence and archives. The data collected to identify the current IT situation of the General Directorate of Prisons in the fields of software, hardware, network and human resource, Indicates the lack of software to expedite internal affairs and appropriate security hardware within the organization and appropriate procedures for establishing communication network security.
Case study
This study intends to identify and prioritize the factors affecting the security of information networks in the General Directorate of Prisons of Sistan and Baluchestan Province.
Theoretical framework
Since the phenomenon of information technology in the General Directorate of Prisons of the province and in particular Zahedan Prison is not very old, determining its strategies requires multifaceted information; In this research, a pluralistic approach will be followed in the method and tools of data collection. In other words, this research tries to combine the characteristics of quantitative data (survey) and qualitative data (content analysis and archival studies) with a pluralistic approach and thus add to the richness of the research. The pluralistic approach in collecting information about the security of electronic information networks in the province's prisons and prioritizing them allows qualitative and in-depth analyzes to be combined with statistical analysis, increasing the internal validity of the test and the reliability of the collected information. Also reveal aspects of the research topic that may have been hidden.
In terms of the purpose of this research, it is a descriptive-field research. Most of the analyzes performed in different stages of the research are quantitative and qualitative methods that are performed in the form of document analysis, stakeholder analysis and quantitative data analysis.
Methodology
In this research, a questionnaire was used as one of the research tools and according to the scope of the subject and the multiplicity of indicators, questionnaires consisting of several sections were developed and in order to collect the required data, experts and those involved in ICT development in Some organizations as well as the General Directorate of Prisons were studied as a research community. Through face-to-face interviews and completing a questionnaire, the opinions of experts and managers of the studied organizations on adding, deleting or merging criteria were obtained. According to the results of this questionnaire and interviews, the most important criteria in the four fields of "infrastructure, content and application" and "policies and strategies" and "institutions" and "human resources" and 23 sub-criteria identified in the framework of these four areas was categorized. To obtain the relative weight of the four main fields as well as the identified sub-criteria, questionnaires were designed based on pairwise comparisons and fuzzy Analytical Hierarchy Process (AHP) method. These questionnaires were answered by employees and information technology experts of government organizations. In order to analyze the data with a fuzzy approach, the numbers obtained from the questionnaires should be converted into their equivalent triangular fuzzy numbers. To analyze these data, fuzzy AHP method and Chang’s developmental analysis method were used.
Discussion and Results
The results obtained from the implementation of fuzzy AHP algorithm and Chang developmental analysis method on the research data extracted from the questionnaires show that the infrastructure, content and application context with a relative weight of 0.314 is the most important. After infrastructure, content and application, human resources, policy and strategy and institutions with the weight of 0.272, 0.231 and 0.183 are in the next positions, respectively. The incompatibility rate of comparisons in this section is (CIg = 0.09) and (CIm = 0.09) and since this value is less than zero, the compatibility of the questionnaires is acceptable.
Conclusion
The ranking of quad criteria for improving the security of electronic information networks of prisons in Sistan and Baluchestan province indicates that the field of infrastructure, content and application has the highest importance for the managers and decision-making experts. This implies that the overall managerial attitude of the general administration is only based on the creation of technical-telecommunication platforms. The existence of such an attitude seems to be promising to increase the level of infrastructure and content and human resources. However, the factor of infrastructure, content and application is decisive and can be considered as the first evaluation criterion. In addition to the infrastructure, content and application context, the human resources context is also of great importance. From the point of view of the experts of the society which has been studied, the two contexts of "policies and strategies" and "institutions" are less important than the two contexts of "infrastructure, content and application" and "human resources". This indicates that the factors related to these fields are of lower importance compared to the criteria that are directly related to the context of infrastructure, content and application and human resources.