Identifying the Effective Components of Information Security Management in Information Technology of Iranian Offshore Oil Company

Document Type : Research Paper

Authors

1 MSc. Student in Information Technology Management, Faculty of Management and Accounting, University of Tehran Campus of Farabi, Qom, Iran.

2 Department of Management, Faculty of Management and Accounting, Farabi Campus, University of Tehran, Qom, Iran

Abstract

Security problems and barriers are one of the most fundamental issues in information systems. Security has long been regarded as an integral part of IT infrastructure. In this regard, the present research aimed to identify the effective components of information security management in Iran's Offshore Oil Company Information Technology. The population of this research includes Iran's Offshore Oil Company IT managers and experts. The research is considered as mixed method in nature. In the qualitative section, the effectiveness components were identified using semi-structured interviews. Then these identified components were developed in the form of a secondary questionnaire and proposed to the population so the necessary data were collected. Data analysis was performed using SPSS20 and Lisrel software. The results of the research showed the components related to technical  human, managerial, leadership, financial and economic issues, components related to management and leadership issues affecting information security management of  information technology department of Iran's offshore oil company.
 

Keywords


جعفری، ع.، رحمانی، م. و مهرآزمای، ح. (1387). شناسایی و رتبه بندی عوامل و شاخصهای کلیدی موثر بر مدیریت تهدیدات امنیت فیزیکی و محیطی اطلاعات. پنجمین کنفرانس بینالمللی مدیریت فناوری اطلاعات و ارتباطات، تهران، ندای اقتصاد بامداد.
خیرگو، م. و شکوهی، ج. ( 1396). شناسایی و رتبه‌بندی عوامل کلیدی مؤثر بر اثربخشی سیستم‌های اطلاعاتی در سازمان‌های دولتی.پژوهشنامۀ پردازش و مدیریت اطلاعات، 32(3)، 712-695.
رمضانیان، م.ر. و بساق‎زاده، ن. (1391). تأثیر توانایی جذب و فرهنگ سازمانی بر موفقیت اجرای IS در شرکت‌های تولیدی قطعات خودروی استان گیلان. مدیریت فناوری اطلاعات، 3 (9)، 68-41.
زنجیرچی،س.م.، مروتی شریف‎آبادی، ع. و شاه‎حسینی بیده، ش. (1393). مقایسۀ عملکرد سازمان‎ها در پیاده‎سازی مدیریت ارتباط با مشتری با استفاده از رویکرد ترکیبی NAP و DEMATEL فازی. فصلنامۀ بازاریابی نوین، 4(3)، 212-195.
             شرکت ملی پالایش و پخش فراورده های نفتی ایران(1396).مدیریت فناوری اطلاعات و ارتباطات. قابل دسترس در         http://niordc.ir/index.aspx?siteid=77&pageid=520
نجاتی، ی.، حقیقت منفرد، ج. و رمضان، م. (1393). شناسایی و اولویت‎بندی عوامل مؤثر بر استقرار سیستم مدیریت امنیت اطلاعات (مورد مطالعه: ادارات مرکزی بانک کشاورزی در شهر تهران). کنفرانس بینالمللی حسابداری و مدیریت، تهران، مؤسسۀ همایشگران مهر اشراق، مرکز همایش‎های دانشگاه تهران.
Bellone, J,  Basquiat, S. D.,  Rodriguez, J. (2008). Reaching escape velocity: A practiced approach to information security management system implementation, Information Management & Computer Security, 16 (1), 49-57.
Bhattacharya, D. (2011). Leadership styles and information security in small businesses. Information Management & Computer Security, 19(5), 300-312.
Birman, K.P. (2000). The next-generation internet: unsafe at any speed. IEEE computer, 33(8), 54-60.
Hagen, J., Albrechtsen, E., Johnsen, S.O. (2011). The long-term effects of information security e-learning on organizational learning, Information Management & Computer Security,19 (3), 140-154.
Iranian Offshore Oil Company (2017). Information and Communication Technology Management. Available in: http://niordc.ir/index.aspx?siteid=77&pageid =520.
Jafari, A., Rahmani, M. & Mehrazmai, H. (2008). Identification and ranking of key factors and factors affecting the management of threats to physical and environmental information security. Fifth International Conference on Information and Communication Technology Management, Nedaye Bamdad, Tehran, (in Persian)
Kheirgoo, M., Shukuhy, J. (2017). Identification and Ranking of Key Factors Influencing the Effectiveness of Information Systems in State-Owned Organizations. Iranian Research Institute for Science and Technology, 32( 3), 694-711. (in Persian)
Kouziokas, G.N. (2016). Technology-based management of environmental organizations using an Environmental Management. Environmental Technology & Innovation, 5, 106–116.
Meskell, P., Burke, E., Kropmans, T. J., Byrne, E., Setyonugroho, W. & Kennedy, K.M. (2015). Back to the future: An online OSCE Management Information System for nursing OSCEs. Nurse Education Today, 35(11), 1091-1096.
Nejati, Y., Haghighat-Monfared, J., Ramezan, M. (2014). Identification and Prioritization of Factors Affecting the Establishment of Information Security Management System (Case Study: Central Office of Agricultural Bank in Tehran). International Conference on Accounting and Management, Tehran. (in Persian)
Pathari, V.,  Sonar, R. (2012). Identifying linkages between statements in information security policy, procedures and controls. Information Management & Computer Security, 20(4), 264-280.
Ramezaniyan, M. R., Bssaghzadeh, N. (2012). The Effect of Absorptive Capacity and Corporate Culture on IS Implementation Success in Production Companies of Automobile Segments in the Guilan Province. Journal of Information Technology Management (JITM),3(9), 41-68. (in Persian)
Thomson, K. &  Van Niekerk, J. (2012). Combating information security apathy by encouraging prosocial organisational behavior. Information Management & Computer Security, 20(1), 39-46.
Wolf, J., Wolfe, B. (2003). Management strategies for implementing forensic security measures. Information Security Technical Report. 8(2), 55-64.
Zangirchi, S. M., Morovvati Sharifabadi, A., Shahoseini Bideh, SH. (2014). The comparison of organization's performance on Customer Relationship Management (CRM) implementation using an integrative approach of Fuzzy ANP and DEMATEL. Journal of New Marketing Research,4(4), 195-212.
(in Persian)
Zuccato, A. (2007). Holistic security management framework applied in electronic commerce. Computers and Security, 26 (3), 256-265.