Has your organization compliance with ISMS? A case study in an Iranian Bank

Abstract

The purpose of this study is proposing a model to determine the gaps between security standards requirements and the reality of implementation ISMS. The research approach analyzes the various industry standards relevant to information security and responses gained from interviewing with 45 individuals of IT professionals and information security experts (who are chosen with targeted sampling) in order to develop a model comprising factors and subfactors which assesses compliance with ISMS (Information Security Management System) in organizations. For hypothesis test, binomial test and for ranking of factors and sub factors, Friedman test was done. This model tested in a bank and the degree of compliance with ISMS calculated.