Islamic Art Studies

Islamic Art Studies

Implementing a Structural-Interpretive Model for Information Security Management in Iranian Governmental Organizations: An Art-Islamic Approach

Document Type : Original Article

Authors
Hojat Talebi 1
Hamid Taboli 2
1 PhD Student, Department of Public Administration, Chalous Branch, Islamic Azad University, Chalous, Iran
2 Associate Professor, Department of Public Administration, Payame Noor University, Tehran, Iran
10.22034/ias.2021.300790.1696
Abstract
In the modern era, information serves as a primary driver of power, making information dominance a critical form of control. Information Security Management (ISM) offers a model designed to protect an organization's information assets, thereby minimizing the likelihood of unauthorized access to sensitive data. Implementing robust ISM policies and programs can contribute to enhanced employee work ethic; conversely, improvements in work ethic can strengthen ISM within the organization. Despite its recognized importance, ISM has not been effectively implemented in many Iranian governmental organizations due to various factors. This research aims to address this gap by developing a "Structural-Interpretive Model for Information Security Management in Iranian Governmental Organizations with an Art-Islamic Approach."
Using a grounded theory research methodology, data were collected through theoretical and snowball sampling, achieving theoretical saturation after 17 interviews. Initial themes were identified through open coding, from which categories were extracted. Axial coding was then employed to link these categories within a coding paradigm, delineating causal conditions, a core category, strategies, context, intervening conditions, and consequences. Following the qualitative phase, a questionnaire based on the developed model was administered to 384 managers and experts familiar with ISM in Iranian governmental organizations. The collected responses were analyzed, and the results largely validated the model derived from the qualitative data, leading to specific recommendations.
Research Objectives:

Examine the Art and Islamic approach in organizational information security management.
Investigate the framework and interpretive structure of information security in Iranian organizations.

Research Questions:

How does the Art-Islamic approach influence organizational information security management?
What should be the framework and interpretive structure of information security in Iranian organizations?

 
Keywords
Information Security Management
Structural-Interpretive Model
Islamic Approach
Art Approach
Amini, M., Vakili Mofrad, H., & Saberi, M. (2019). Identifying Factors Affecting Information Security Management of Libraries and Information Centers of Hamadan University of Medical Sciences. Academic Librarianship and Information Research, 3, 53. [In Persian]
Aram, Mohammadreza. (2009). Investigating and Assessing the Factors Affecting Information Security Management of Pars South Gas Company. Master's Thesis, Shahid Beheshti University. [In Persian]
Ashouri Zadeh, S. (2012). The Relationship between Organizational Culture and Information Security Management in the National Bank of Iran. Master's Thesis, Allameh Tabataba'i University. [In Persian]
Boritz, J. E. (2004). Managing enterprise information integrity: security, control, and audit issues. Isaca.
Chang, E. (2007). An Investigation of Organizational Culture on Information Security Management. Academy of Management Journal, 35, 421-438.
Chathoth, P. K., Mak, B., Sim, J., Jauhari, V., & Manaktola, K. (2011). Assessing dimensions of organizational trust across cultures: A comparative analysis of US and Indian full service hotels. International Journal of Hospitality Management, 30(2), 233-242.
Danaeefard, H., Abdali, R., & Mahmoudi Kouchaksaraei, A. A. (2020). Research on Corruption and Administrative Health in Iran: A Scoping Review. Knowledge of Auditing, 20(79), 201-218. [In Persian]
Danaeefard, H., Rajabzadeh, A., & Hasiri, A. (2009). Promoting Intra-Organizational Trust in the Public Sector: Examining the Role of Managers’ Managerial Competence. Management Research, 4, 59-90. [In Persian]
Dehghani, M., Rahmatpasand Fotideh, Z., Arasteh, Z., Shokrizadeh Bazanjani, K., & Awareness, K. (2019). Attitude and performance of employees of the health information management department of Iranian hospitals regarding health information security. Journal of Health Information Management, 1, 3-9. [In Persian]
Hadadi Harandi, A. A., Valmohammadi, C., & Salehi Sedghiani, J. (2019). Information security management in smart business. Scientific Research of Crisis Management, 8(Special Issue of Smartization), 25-33. [In Persian]
Hagen, J. M. (2011). Information security culture: an exploratory study. Information Management & Computer Security.
Hansche, S. (2001). Designing a security awareness program: Part 1. Information Systems Security, 9(6), 1-9.
Heidari, S., & Mohammadi, S. (2012). A New Model for Information Security Management in Service-Oriented Enterprise Architecture. American Journal of Scientific Research, (76), 114-132.
Ho, S. M. (2008). A Framework of Coordinated Defense. In Proceedings of the Second International Conference on Computational Cultural Dynamics (pp. 39-44).
Hong, K. S., Chi, Y. P., Chao, L. R., & Tang, J. H. (2003). An integrated system theory of information security management. Information Management & Computer Security.
Kadam, A. W. (2007). Information security policy development and implementation. Information Systems Security, 16(5), 246-256.
Kambwiri, L. (2012). An Appraisal of Information Security Management at Chancellor College, University of Malawi.
Kauspadiene, L., Cenys, A., Goranin, N., Tjoa, S., & Ramanauskaite, S. (2017). High-level self-sustaining information security management framework. Baltic Journal of Modern Computing, 5(1), 107.
Kim, S., Kim, S., & Lee, G. (2009). Structure design and test of enterprise security management system with advanced internal security. Future Generation Computer Systems, 25(3), 358-363.
Kline, R. B. (2011). Principles and practice of structural equation modeling. Guilford press.
Mitchell, R. C., Marcella, R., & Baxter, G. (1999). Corporate information security management. New Library World.
Mivald, E. (2006). Basics of Network Security. Translation: Information Technology Research Group of Jihad University of Sharif University of Technology. Tehran: Institute Is Iran Publications. [In Persian]
Mohammadi, M., Sheikh Zaheri, A., & Kermani, F. (2019). Comparison of Patient-Oriented Algorithms for Health Information Security in Health Social Networks and Cloud Environment. Journal of Modern Medical Information, 5(2), 68-79. [In Persian]
Park, E. H., Kim, J., & Park, Y. S. (2017). The role of information security learning and individual factors in disclosing patients' health information. Computers & Security, 65, 64-76.
Parsons, K., McCormac, A., Butavicius, M., Pattinson, M., & Jerram, C. (2014). Determining employee awareness using the human aspects of information security questionnaire (HAIS-Q). Computers & Security, 42, 165-176.
Shams, Shahab al-Din; Esfandiari Moghaddam, Amir. (2015). The Relationship between Different Dimensions of Organizational Trust and Employees' Job Satisfaction. Management Studies (Improvement and Transformation), 77, 171-185. [In Persian]
Veiga, A. & Martins, N. (2017) “Defining and Identifying Dominant Information Security Cultures and Subcultures.” Computers & Security, 70: 72-94.
Vermeulen, C., & Von Solms, R. (2002). The information security management toolbox–taking the pain out of security management. Information Management & Computer Security.
Whitener, E. M. (2001). Do “high commitment” human resource practices affect employee commitment? A cross-level analysis using hierarchical linear modeling. Journal of Management, 27(5), 515-535.