Affiliation:
1. Independent Researcher, Iran
Abstract
Considering the important role of information in organizations, an appropriate management is required for maintaining the security of the information. The information security management system is part of a general management system in an organization and based on the business risk approach aims to establish, implement, use, monitor, revise, maintain, and improve security that leads to the protection of information and minimizes unauthorized access. The main objective of this chapter is to identify factors and indicators of information security based on the information management system. For this purpose, after reviewing the literature and having opinions of 30 experts, a conceptual framework for public organizations is proposed that includes information security management factors such as financial, technical, operation and communication, human resources, data and information classification, environmental and physical, and managerial.