Identifying and ranking risks affecting the security of information resources using a multi-criteria decision-making technique

Article type: Research article

Authors

1 Master's student, Department of Information Technology Management, Ahvaz Branch, Islamic Azad University, Ahvaz, Iran

2 Assistant Professor, Department of Information Science and Knowledge Studies, Ahvaz Branch, Islamic Azad University, Ahvaz, Iran

Abstract

The present study was carried out with the aim of identifying and prioritizing the risks affecting information security management systems at the Aghajari Oil and Gas Exploitation Company. The statistical population of this research consisted of 20 senior managers, middle managers and senior information and communication technology experts at the company who had full command of the organization's information systems security domain. To select these individuals, an attempt was made to use the "judgmental" method and to involve in the research process all informed and expert individuals at the Aghajari Oil and Gas Exploitation Company in the subject area of the research. The main data collection instruments in this research were three questionnaires: the first questionnaire was designed in semi-structured form with the aim of identifying risks; the second questionnaire, aimed at screening the identified risks, was closed-ended and based on a five-point Likert scale; and finally the third questionnaire was designed with the aim of determining the weights of the main risks (pairwise comparisons) and also determining the priority of the sub-risks (five-point scale). After the questionnaires were distributed and the data collected, the necessary analyses were carried out using SPSS, ExpertChoice and Excel. In this process, analyses such as the t-test, the Kolmogorov-Smirnov test, the analytic hierarchy process, and TOPSIS were performed. Finally, the results of the research led to the identification of 27 risks in four general categories. It should be noted that this research is applied in terms of purpose, survey-based in terms of approach, and developmental in terms of study type.


Article title [English]

Identifying and ranking influencing risks on security of information resources using multi-criteria decision-making technique

Authors [English]

  • Naser Zeydani 1
  • Fariba Nazari 2
1 Department of Information Management, Ahvaz Branch, Islamic Azad University, Ahvaz, Iran
Abstract [English]

The purpose of this study was to identify and prioritize the risks affecting information security management systems at the Aghajari Oil and Gas Exploitation Company. The statistical population of this study was 20 senior managers, middle managers and senior IT experts in the company, who were highly skilled in the field of information security of this organization. This expert team was questioned both in the identification stage and in the prioritization of risks. To select these people, we tried to use the "judgmental" method and to have all well-informed and knowledgeable individuals at the Aghajari Oil and Gas Exploitation Company participate in the research process in the subject area of the research. The main tools for collecting data in this research were three questionnaires. The first questionnaire was semi-structured and designed with the aim of identifying risks. The second questionnaire was designed with the aim of screening the identified risks, in closed form and based on the five-point Likert scale. Finally, the third questionnaire was designed with the aim of determining the weights of the main risks (paired comparisons) as well as determining the priority of the sub-risks (five-point scale). After distributing the questionnaires and collecting the data, the necessary analyses were performed using SPSS, ExpertChoice and Excel. In this process, analyses such as the t-test, the Kolmogorov-Smirnov test, the analytic hierarchy process, and TOPSIS were performed. Finally, the research results identified 27 risks in four general categories. It should be noted that this research is applied in terms of purpose, a survey in terms of approach, and developmental in terms of study type.

Keywords [English]

  • Risk
  • Information Security Management Systems
  • Multi-criteria decision-making technique