بررسی مولفه‌های امنیت اطلاعات دیجیتال و چارچوب مفهومی حاصل از آن‌ها بااستفاده از تحلیل مضمون

Abstract
Purpose: In today's world, people are immersed in a sea of information. Information, along with human resources, plays the role of capital for an organization; therefore, the success of organizations in the information age depends on the protection and utilization of information resources. Access to the Internet and working with new digital technologies have created risks that have challenged individuals and organizations. There are various factors in information security threats that can be identified, and steps can be taken to confront and repel them. The present study was conducted to identify the components of digital information security and design a conceptual framework for them, using the qualitative method of content analysis.
Methodology: This study used an inductive approach, that is, reaching from the part to the whole. The method used is also a qualitative content analysis approach. Also, the statistical population of this study consisted of expert university professors in the fields of management and information technology.
Findings: This research led to the identification of 7 main themes and 35 sub-themes that comprise the country's macro-policies, including: allocating a course unit in the field of cyber, establishing a research and development department for security measures, producing and broadcasting educational programs, a relief committee for cyber-attacks, and allocating budgets in the field of information security; human factors including: personality traits, motivation, individual experiences, human error, level of literacy and individual skills, recognition and understanding of individuals, awareness, bias, individual tendencies, and overwork; technological factors including: malware, localization of technologies, software threats, security software, software weaknesses; structural factors including: structural reform, device upgrades, internal organization policies, monitoring and control; cultural factors including: human resource training, human resource awareness, manager actions, managers' role models for employees, management support, and finally communication-related factors including effective communication and communication security.
Conclusion: Organizations and societies are made up of individuals; therefore, human aspects play the most important role in implementing and understanding information security, as well as in creating uncertainty, insecurity, and related threats, which refers to the human factor in information security. Technology-related factors are another important component in maintaining digital information security in organizations. Since the advent of ATMs until today, technologies have saved costs, but they also bring potential threats, which are dangerous for the survival and success of the organization. Problems such as viruses, worms, and intrusions can cause severe damage to the information systems of organizations. The identified management factors are related to all the actions of the manager in the field of digital information security. Every organization is required to maintain the confidentiality of information, data, and personal statements of human resources, etc., so the management of organizations plays an important role in ensuring information security. Humans are multifaceted beings who are influenced by various factors, therefore, awareness, education, and promotion of knowledge and literacy of employees of organizations and users who use information; support and backing of the manager and creating a collaborative and supportive atmosphere among colleagues; creating information security policies and modeling them by experienced managers and employees; creating intimacy, honesty, and a positive atmosphere, cooperation, and effort in the workplace; motivational and leadership actions are considered a subset of cultural factors. Structural factors are also important in maintaining digital information security, and as the findings of the present study show, the most frequent theme in terms of assigned codes belongs to this factor and such things as structural modification and updating of the devices used. Today's world is a world of boundless communications, and an organization that cannot use this important skill and opportunity is doomed to failure. Therefore, the factors related to communications identified in this study are related to maintaining effective communications between individuals to access accurate, reliable, and timely information that must be exchanged and made available to individuals in a secure environment; and the last identified item includes the country's macro policies, which are based on other identified environmental factors. Since awareness and education of individuals an important factor in maintaining information security, it is incumbent on officials to be diligent in making macro decisions and policies and to provide the ground for education and awareness of individuals.
Limitations: A major limitation of the present study was insufficient time for in-depth interviews with experts, which occurred due to the high workload of the professors and the difficulty of coordination.
Originality: Applying an inductive approach and using a qualitative method of content analysis to identify and classify digital security components and present a conceptual framework derived from them.