Providing a Framework to Support the Analysis and Implementation of Information Security Management Systems Based on the ISO/IEC 27001 ISMS Standard in Several Subsidiary Companies of the Ministry of Roads and Urban Development

Publication year: 1404
Document type: Journal article
Language: English
The file of this article is available for download as a 10-page PDF.

National scientific document ID:

JR_MSESJ-7-4_003

Indexing date: 5 Khordad 1405

Abstract:

The purpose of the present study is to provide a model-based framework to support the analysis and implementation of information security management systems based on the ISO/IEC 27001 ISMS standard in several subsidiary companies of the Ministry of Roads and Urban Development. The research strategy used in this study is a sequential exploratory mixed-methods approach. In the present research, by utilizing the results of this phase and through in-depth and semi-structured interviews with seven relevant managers from ten examined companies, the components related to the objectives and prerequisites for implementing information security management systems based on the ISO/IEC 27001 ISMS standard were identified. The collected data were then analyzed using thematic analysis, an efficient and flexible method, with the MAXQDA10 software. Subsequently, as another step of the research, a questionnaire was distributed among the employees of the ten companies, including deputies, managers, and operational staff, to validate and prioritize the identified components. By leveraging the obtained results, the final framework for the objectives and prerequisites for the establishment of organizational security management based on the ISO/IEC 27001 ISMS standard in the intended dimensions was presented. Furthermore, structural equation modeling (SEM) was applied using the Smart PLS software to examine the causal relationships between variables. In the case study, the framework was planned to be implemented in several subsidiary companies of the Ministry of Roads and Urban Development to evaluate its effectiveness, which will confirm or reject the proposed framework's objectives. Accordingly, 430 questionnaires derived from the qualitative research section were distributed among the statistical sample.
The research findings indicate that five categories (compliance with other standards, organizational motivation, implementation, consequences and outcomes, and context) emerged from the qualitative thematic analysis. In the quantitative section, structural equation modeling demonstrated that context, implementation, integration with other standards, and organizational motivation significantly impact the outcomes and consequences of implementing information security management systems based on the ISO/IEC 27001 ISMS standard.

Keywords:

ISO/IEC 27001 ISMS standard, information security, Framework to Support, Roads and Urban Development

Authors

Abdullateef Haghighat

Master's Student, Business Administration (MBA), Technology Specialization, Electronic Campus, Islamic Azad University, Tehran, Iran

Majid Kalantari

Assistant Professor, Faculty of Management, Department of Information Technology Management, Electronic Campus, Islamic Azad University, Tehran, Iran

Mostafa Kolahdoozi

Assistant Professor, Faculty of Management, Department of Information Technology Management, South Tehran Branch, Islamic Azad University, Tehran, Iran