In recent decades, information security has been a great importance for all organizations. However, to enhance information security in an organization, many projects have been failed due to lack of knowledge of risks and effective factors on information security. This p
More
In recent decades, information security has been a great importance for all organizations. However, to enhance information security in an organization, many projects have been failed due to lack of knowledge of risks and effective factors on information security. This paper aims to study effective factors on security of information systems. Data is collected through extensive literature review and open interview by 12 experts, which is chosen as the judgment of researchers purposefully. Causal model of studied risks was designed based on experts’ opinions, after identifying dimensions and risk factors. Subsequently, Dynamic model was plotted by VENSIM software using system dynamics approach. System dynamics modelling creates a better understanding of the system behavior and allows for the development of new structures and policies. In order to test the validation of research dynamic model, boundary condition was used. results indicate that presented model is validated. Moreover, to simulate by studied model, the data is collected from OFOGH consulting engineering company and run for a period of 12 months. As a result, among identified risks, the most important one relates to technical risk. Data risk, human risk and physical risk are in the next ranks respectively. In addition, environmental risk has the lowest importance. At the end, using security software, determining staff access levels, using uninterrupted Power Supply systems, Closed Camera Television (CCTV), and staff training courses are identified as four solutions to improve information systems security behavior.
Manuscript profile