Document Type: Original Article
Authors
1 Associate Professor; Department of Knowledge and Information Science; Shahid Bahonar University of Kerman; Kerman, Iran
2 Iranian Research Institute for Information Science & Technology (IranDoc); Tehran, Iran
3 M.Sc. in Knowledge and Information Science; Kerman, Iran
Abstract
Purpose: The present study aimed to evaluate the performance of information security management in government organizations located in Kerman city based on the ISO/IEC 27002 standard.
Methods: The study used a descriptive survey method, and a standard questionnaire was used to collect the data. The statistical population of the study included 176 security officers, information technology experts, and senior and middle managers working in government organizations located in Kerman city. The sample size was determined using the Cochran formula, resulting in 120 participants.
Findings: The study's findings indicate that, based on the rank average, the indicators of information security management in government organizations in Kerman are prioritized as follows: Organizational Asset Security Management (6.95), Organizational Information Security Management (6.49), Business Continuity Management (6.31), Operations and Communications Security Management (5.86), Acquisition, Development, and Maintenance Management (5.83), and Compliance Management (4.68). The results suggest that the average score of information security management performance in government organizations in Kerman city, based on the ISO/IEC 27002 standard, is higher than expected, as evidenced by the p-value of 0.000, which is less than the significance level of the study (0.05).
Conclusion: The results support the need for developing an information security policy document for organizations. It is essential for the general and specialized responsibilities of information security management to be clearly communicated to all employees. Information security incident reports should be prepared in all organizational departments, and security procedures and policies of other organizations should be reviewed and adapted to organizational programs.
Keywords
- Performance Evaluation
- Information Security Management
- ISO/IEC 27002
- Government Organizations
- Kerman City