Check assumptions and requirements for the implementation of Information Security Management System hospital in Tabriz

Abstract

the purpose of this study was to investigate and analyze the assumptions and requirements for the implementation of Information Security Management System (ISMS). Methodology: To check assumptions security management system implementation is the population of Tabriz hospitals. Because information security, is considered most hospitals cooperate and only 8 hospitals of Tabriz, as the population of the study. Review the requirements and assumptions are based on the standard ISO / IEC 27001, ISO / IEC 27002 test target setting and ISO 27001 standard questionnaire containing 33 questions in 11 control is used. To analyze the data descriptive and inferential statistical methods were used that implementation of information security management system was confirmed. As well as to identify factors affecting the implementation of information security management system and factor analysis, structural equation model was used PLS smart software that based on its findings indirectly relates to impact the four dimensions of implementation effectiveness of the system. The study findings were presented. Results: Using the software, smart-PLS and using structural equation modeling confirmatory factor analysis was performed to measure the test of convergent validity, divergent validity, reliability Security and reliability of observable variables and quality test and measurement model of the 101 comments experts, all the prerequisites and requirements, including information security policy, the organization of information security, asset management, human resources in terms of security, physical and environmental security, communications and operations management, access control, use, development and maintenance, incident management information security, business continuity management and compliance with laws Brpyadh at 99 per cent is forecast in Tabriz hospitals are effective information security management system. Conclusion: According to prioritize the factors affecting Brpyadh information security management system, operating (after) the most monitors and agents (after) the supply and implementation of information security management system Brpyadh least affected are in Tabriz hospitals.