Evaluating the Information Security Management System According to the Standard (ISO27001): A Case Study of the General Company for Electronic Systems

Abstract

The current research aims to evaluate the information security management system in the General Company for Electronic Systems according to the standard (ISO 27001: 2013) by measuring and analyzing the application gap. The research started from a problem expressed by a number of questions, the most important of which was the availability of information security management system requirements according to the standard (ISO 27001: 2013) in the General Company for Electronic Systems. The research used a case study methodology to achieve its objectives, and the General Company for Electronic Systems was chosen as the practical field for conducting the research. A number of statistical tools and methods were used, such as checklists to collect data and information and a number of statistical methods for measuring and analyzing the gap (weighted mean and percentage of the matching rate). The research reached a number of results, the most important of which was a gap (63%) in the reality of the application of the information security management system in the company.