The Level of Compliance with Information Security Management System in Iranian Banks (Case Study of the Banks in Tehran)
The present study mainly aims to investigate the information security management system (physical and communications security, information access control, information security incident management and continuity of operations) of the banks in Tehran. The research methodology is analytical-survey. The population consisted of all the heads of banks in Tehran, that is, 26 managers in 2015. A researcher-made questionnaire was used in this study, and electronic mail (email) was used to collect the data. Descriptive statistics such as frequencies and percentages, the univariate t-test and the Chi-square test were used to analyze the data. The Friedman test is presented to compare the components of information security management in terms of compliance. As the results indicate, the components have been largely observed in the banks. If any of the managers, employees and customers comply with the proper procedures with respect to information security parameters, it can be hoped that information security is observed in the banks.
Keywords: Standard ISO27001, Physical Security, Communication Security, Access Control, Incident Management, Continuity Management of Operations.