The Evaluation of Information Security Management System in the Iraqi Commission for Computers and Informatics according to the International Standard (ISO 27001: 2013)

Authors

  • اثير عبد الهادي ال فيحان
  • عامر حمدي عبد غريب

DOI:

https://doi.org/10.33095/jeas.v21i86.764

Keywords:

Information Security, Information Security Management System, Iraqi Commission for Computers and Informatics, Likert Scale, ISO 27001, NIST.

Abstract

The current research evaluates the Information Security Management System in the Iraqi Commission for Computers and Informatics according to the international standard (ISO/IEC 27001:2013). Developing an administrative system for information security is considered a priority today, in light of organizations' dependence on computers and information technology for work and communication with others. International legitimacy, represented by the International Organization for Standardization (ISO), remains the basis for conformity and commitment, and the importance of applying an Information Security Management System according to the international standard (ISO/IEC 27001:2013) lies in protecting the assets of organizations, especially information and databases, systematically and continuously.

The aim of the research was to compare the Information Security Management System that currently exists in the Iraqi Commission for Computers and Informatics (the site of the research) with the Information Security Management System according to the International Standard (ISO/IEC 27001:2013), using checklists in order to diagnose nonconformity gaps with the international standard.

The research reached an important conclusion: the administrative system for information security followed by the Iraqi Commission for Computers and Informatics, despite its dependence on modern technology and efficient staff, lacks good documentation and application of many of the requirements of the International Standard (ISO/IEC 27001:2013), and needs to rebuild an organizational structure and functions consistent with the supporting International Standard (ISO/IEC 27003:2010).

The research concluded with its most important recommendation: forming a work team that prepares the prerequisites for applying the standard (ISO/IEC 27001:2013), works at meeting its requirements and the requirements of other management systems (quality management system and so on), and is associated with top management to facilitate support with resources and powers.

Published

2015-12-01

Issue

Section

Managerial Researches

How to Cite

“The Evaluation of Information Security Management System in the Iraqi Commission for Computers and Informatics according to the International Standard (ISO 27001: 2013)” (2015) Journal of Economics and Administrative Sciences, 21(86), p. 1. doi:10.33095/jeas.v21i86.764.
