The Evaluation of Information Security Management System in the Iraqi Commission for Computers and Informatics according to the International Standard (ISO 27001: 2013)

Abstract

The current research included (the evaluation of Information Security Management System on according to international standard (ISO / IEC 27001: 2013) in Iraqi Commission for Computers and Informatics), for the development of an administrative system for information security is considered a priority in the present day, and in the light of the organizations dependence on computers and information technology in work and communication with others. The international legitimacy (represented by the International Organization for standardization (ISO)) remains the basis for matching and commitment and the importance of the application of information Security Management System according to the international standard (ISO / IEC 27001: 2013) is manifested in protecting the assets of the organizations especially information and databases systematically and continuously. The aim of the research was evaluating between the Information Security Management System that currently exists in the Iraqi Commission for Computers and Informatics (site of conducting the research) and the Information Security Management System according to the International Standard (ISO / IEC 27001: 2013) by using examining checklists in order to diagnose nonconformity gaps with the international standard. The research has come to an important conclusion, i.e. (the administrative system for information security followed by the Iraqi Commission for Computers and Informatics, despite its dependence on modern technology and the efficient staff , it lacks good documentation and application of many of the requirements International Standard (ISO / IEC 27001: 2013) came with needs to rebuild an organizational structure and functions consistent with the supporting International Standard (ISO / IEC 27003: 2010). The research concluded with the most important recommendation (forming a work team that adopts preparing the prerequisites of Appling the standard (ISO / IEC 27001: 2013) works at meeting its requirements and the requirements of other management systems (quality management system and so on), and associated with the top management to facilitate the support with resources and powers.