Review the implementation of information security management system requirements in hospitals of Tabriz in East Azarbaijan
DOI:
https://doi.org/10.24200/jmas.vol4iss01pp72-77Abstract
The purpose of this study was to investigate and analyze the assumptions and requirements for the implementation of Information Security Management System (ISMS). Methodology: To check assumptions security management system implementation is the population of Tabriz hospitals. Review the requirements and assumptions are based on the standard ISO / IEC 27001, ISO / IEC 27002 test target setting and ISO 27001 standard questionnaire containing 33 questions in 11 control is used. The data were analyzed using descriptive and inferential statistical method that factors in the implementation of information security management system was confirmed. As well as to identify factors contributing to the implementation of information security management system and factor analysis, structural equation model was used PLS smart software that based on its findings to impact and indirect aspects of implementation effectiveness of the system. Results: Using the software, smart-PLS and using structural equation modeling confirmatory factor analysis was performed to measure the test of convergent validity, divergent validity, reliability Security and reliability of observable variables and quality test and measurement model of the 101 comments experts, all the prerequisites and requirements, including information security policy, the organization of information security, asset management, human resources in terms of security, physical and environmental security, communications and operations management, access control, use, development and maintenance, incident management information security, business continuity management and compliance with laws in secure level at %99 is forecast in Tabriz hospitals are effective information security management system. Conclusion: According to prioritize the factors affecting information security management system, operating (after) the most monitors and agents (after) the supply and implementation of information security management system least affected are in Tabriz hospitals.References
Araby, S., & Nabiallah Dehgan, M. 2011. Research Methods in SterategicManagement Research Center twentieth, 60: 23-46.
Bazarghan, A. 2008. Behavioural science research methods. Tehran: Agah publisher, 1: 1-14.
Dehghan-Nayei, N., & Aghajani, M. 2010. Patients' Privacy and Satisfaction in the Emergency Department: A Descriptive Analytical Study. Nurse Ethics. 17 (2): 167-77.
Karami, M. 2013. Patients' rights guidelines for electronic information security environment. Medical ethics, History of medical journal, 5 (17): 37-62.
Kazemi, M. 2014. Survey and assess the implementation of information security management Tabriz mayor, M.D of managemet excutive, Faculty of Humanities. Islamic azad university.benab unit.
Kuzu, N., Ergin, A., & Zencir, M. 2006. Patient’s awareness of their rights in Developing country. Public Health. 120 (4): 290-6.
Leino-Kilpi, H., & Kuttu, K. 1995. Patients' Rights in Hospitals: An Emperical Investigation in Finland. Nurse Ethics. 2 (2): 103-13.
Merakou, K., Dalla-Vorgia, P., Garanis-Papadatos, T., & Kourea, K. 2001. Satisfying Patient’s Rights: A Hospital Patients survey. Nursing Ethics. 8 (6): 499-509.
Mallik, M. 1997. Advocacy in Nursing: A Review of Literature. Journal of Advanced Nursing. 25 (1): 130-8.
Moghaddasi, H., & Ayani, S. 2013. Data security of health information systems. Protective Research -security: University of Imam Hussein, 3: 14-29.
Woogara, J. 2005. Patient’s Rights to Privacy and Dignity in the NHS Nurse stand, 19 (18): 33-7.
Zulfikar, F., & Ulsoy, M. 2001. Are Patients Aware of Their Rights? A Turkish Study. Nursing Ethics, 8 (6): 487-97.