Providing a Framework to Support the Analysis and Implementation of Information Security Management Systems Based on the ISO/IEC 27001 ISMS Standard in Several Subsidiary Companies of the Ministry of Roads and Urban Development

Authors

    Abdullateef Haghighat Master's Student, Business Administration (MBA), Technology Specialization, Electronic Campus, Islamic Azad University, Tehran, Iran
    Majid Kalantari * Assistant Professor, Faculty of Management, Department of Information Technology Management, Electronic Campus, Islamic Azad University, Tehran, Iran Eng.m.klt@gmail.com
    Mostafa Kolahdoozi Assistant Professor, Faculty of Management, Department of Information Technology Management, South Tehran Branch, Islamic Azad University, Tehran, Iran

Keywords:

ISO/IEC 27001 ISMS standard, information security, framework to support, Roads and Urban Development

Abstract

The purpose of the present study is to provide a model-based framework to support the analysis and implementation of information security management systems based on the ISO/IEC 27001 ISMS standard in several subsidiary companies of the Ministry of Roads and Urban Development. The research strategy is a sequential exploratory mixed-methods approach. Using the results of this phase and in-depth, semi-structured interviews with seven relevant managers from the ten examined companies, the components related to the objectives and prerequisites for implementing information security management systems based on the ISO/IEC 27001 ISMS standard were identified. The collected data were then analyzed with thematic analysis, an efficient and flexible method, using the MAXQDA10 software. Subsequently, to validate and prioritize the identified components, a questionnaire was distributed among the employees of the ten companies, including deputies, managers, and operational staff. Based on the results obtained, the final framework of objectives and prerequisites for establishing organizational security management based on the ISO/IEC 27001 ISMS standard in the intended dimensions was presented. Furthermore, structural equation modeling (SEM) was applied using the Smart PLS software to examine the causal relationships between variables. In the case study, the framework was planned to be implemented in several subsidiary companies of the Ministry of Roads and Urban Development to evaluate its effectiveness, which will confirm or reject the proposed framework's objectives. Accordingly, 430 questionnaires derived from the qualitative research section were distributed among the statistical sample.
The research findings indicate that five categories—compliance with other standards, organizational motivation, implementation, consequences and outcomes, and context—emerged from the qualitative thematic analysis. In the quantitative section, structural equation modeling demonstrated that context, implementation, integration with other standards, and organizational motivation significantly impact the outcomes and consequences of implementing information security management systems based on the ISO/IEC 27001 ISMS standard.

Published

2025-05-01

Submitted

2024-12-11

Revised

2025-01-30

Accepted

2025-02-23

Section

Articles

How to Cite

Providing a Framework to Support the Analysis and Implementation of Information Security Management Systems Based on the ISO/IEC 27001 ISMS Standard in Several Subsidiary Companies of the Ministry of Roads and Urban Development. (2025). Management Strategies and Engineering Sciences, 101-110. https://msesj.com/index.php/mses/article/view/174
