Article details | |
Article title | Understanding key skills for information security managers |
Publication | 2018 article |
Pages in the English article | 8 pages |
Cost | The English article is free to download. |
Database | Elsevier |
Type of writing | Research article |
Base paper | This article is not a base paper |
Index | Scopus – Master Journals – JCR |
Article type | ISI |
English article format | |
Impact factor (IF) | 4.516 in 2017 |
H-index | 82 in 2018 |
SJR | 1.373 in 2018 |
Related fields | Computer engineering |
Related specializations | Information security |
Presentation type | Journal |
Journal / conference | International Journal of Information Management |
University | Information System Engineering – Atilim University – Turkey |
Keywords | Information security management, Security skills, Information security manager, Security certifications |
Digital identifier (DOI) | https://doi.org/10.1016/j.ijinfomgt.2018.07.013 |
Product code | E10211 |
Table of contents: |
Highlights; Abstract; Keywords; 1 Introduction; 2 Literature review; 3 Methodology and case study; 4 Implementation and findings; 5 Discussion and implications; 6 Conclusions; Appendix A; References |
Excerpt from the article: |
ABSTRACT
Information security management is a necessity for all institutions and enterprises that regard company information as valuable assets. Developing, auditing and managing information security depends upon professional expertise in order to achieve the desired information security governance. This research seeks the key skills required for the position of information security management as well as the methods to develop these skills through professional training programs. The study adopts the Delphi method which requires building a list of items through a literature survey and involves experts with certain expertise to modify the list until a consensus on less than 20% of the items is reached. Through completing three rounds of the Delphi technique – data collection, relevance voting and ranking – sixteen skills are shortlisted as the key skills. In the final list, the majority belong to core information security skills, and the top two skills belong to project/process management skills and risk management skills, indicating the importance of these skills for the information security manager role. In addition, a series of related professional training programs and certifications are surveyed, the outcome of which highlights a number of most comprehensive and appropriate programs to develop these determined skills.

INTRODUCTION
An Information Security Management System (ISMS) is a set of standards, by which companies can protect their vital information assets in certain industries such as healthcare (Gardiyawasam Pussewalage & Oleshchuk, 2016) and finance (Roumania, Nwankpab, & Roumani, 2016). It mainly focuses on closing the gap in the security systems and processes through risk management (Bojanc & JermanBlazic, 2008; Silva, De Gusmão, Poleto, Silva, & Costa, 2014).
Moreover, the process was standardized via the ISO/IEC 27001:2005 (later, revised by ISO/IEC 27001:2013) based on the British Standards BS 7799 and developed by the UK’s Department of Trade and Industry (Humphreys, 2016). The implementation of ISO/IEC 27001 is based on examining various core concepts that are treated either solely or combined, and includes the context of organizations, issues, risks, opportunities, interested parties, leadership, threats, communication, documented information, performance evaluation, risk owners, risk treatment plans, controls, and continual improvement. In this respect, risk management plays a major role in implementing this standard as it should always be planned, controlled and assessed.

Information security provides a way to protect the valuable assets of any organization, especially the ones that hold sensitive information. It is based on three main principles, which are (ISO/IEC, 2013):
1. Confidentiality: preventing unauthorized access to sensitive data;
2. Integrity: truthfulness of the data, which cannot be modified without authorization; and
3. Availability: accessibility of the data whenever it is requested by authorized personnel.

Information security owes its importance to several issues, especially from the legal point of view. As governmental services increasingly move online day by day, a large amount of vital information about individuals and governments could be at risk in different parts of the world without the presence of security systems (Ozkan & Karabacak, 2010; Saarenpaa, 2008).
Studies show that, in an organization, there are many business-related highlights to be considered in ISMS which include, but are not limited to:
1. Preserving information within the organization in order to maintain competitiveness in the market;
2. Sustaining growth by making the needed information available at all times to the company’s decision-makers; and
3. Enhancing communication systems within the organization to support efforts towards stability (Wawak, 2010). |