Has your organization compliance with ISMS? A case study in an Iranian Bank

Purpose – The purpose of this study is proposing a model to determine the gaps between security standards requirements and the reality of implementation ISMS. Design/methodology/approach – The research approach analyzes the various industry standards relevant to information security and responses gained from interviewing with 45 individuals of IT professionals and information security experts (who are chosen with targeted sampling) in order to develop a model comprising factors and subfactors which assesses compliance with ISMS (Information Security Management System) in organizations. For hypothesis test, binomial test and for ranking of factors and subfactors, Friedman test was done. This model tested in an iranian bank and the degree of compliance with ISMS calculated. Findings – The case study proposes a novel model based on the standards and experience of the IT professionals and information security experts, comprising factors and subfactors which assesses the degree of readiness of an organization for implementing ISMS or the degree of compliance with this system. Originality/value –Studies show Sometimes Implementing ISMS projects regarding government rules in organizations compliance with one of the existing ISMS standards are unsucceessful in achiving predifined security goals and 1 . Master of IT management, Department of Management, Allame Tabatabaei University, Iran Email: [email protected]