Document Type : Original Article
PhD student, Department of Information Science and Epistemology, Science and Research Branch, Islamic Azad University, Tehran, Iran.
Associate Professor, Department of Communication, Information and Epistemology, Science and Research Branch, Islamic Azad University, Tehran, Iran
Associate Professor, Faculty of Humanities, Yadgar Imam Khomeini Branch, Islamic Azad University, Shahrari, Iran.
Simultaneously with the developments of the 20th century and the process of globalization in the present era, information and communication technology has enabled the emergence of a networked society. The new world has become a network, the main fabric of which is information and electronic communication system. The change in the nature of social relations in the form of virtual communities has caused the emergence of a kind of social insecurity and new crimes and misdemeanors in virtual spaces. Gradually, with the expansion of information and communication technology, especially the Internet, and subsequently the expansion of the types of threats and risks associated with that, the concepts of information security, information systems security and cyber security were also developed. As in war, soldiers are taught the correct behavior to deal with all kinds of threats, the world of information is a real battlefield despite hackers and cyber attacks, and information security experts should know the correct behavior to deal with cyber attacks like an expert soldier. In this research, with the purpose and development-applicative approach, with the help of meta-combination method (sequential-exploratory), firstly by library method, 112 sources were screened from 270 primary sources and placed as the focus of the work and in order to identify the component. The seven-step technique of Barroso and Sandlowski 2007 has been used for the security of information systems and 142 indicators consisting of 5 dimensions and 17 components were extracted, then with the help of a two-step Delphi method using two groups of 15 experts, questions, Valuation and validity were evaluated and after the completion of the qualitative part, it entered the quantitative stage, and a questionnaire with 131 confirmed indicators was prepared and sent to 156 information security experts, and after receiving 111 complete questionnaires, the analysis process began with the help of SPSS and MATLAB software. In this research, the factor "security threats" has the highest weight with a weight of 0.983, and the index "unintentional damages" has the highest weight among other indicators of the "security threats" component, and after that, the "security vulnerabilities" component has the highest weight. With the factor weight of 0.979, it has the second rank, and the "process factors" component with the factor weight of 0.975 ranks the third, and the "human factors" component with the factor weight of 0.970 ranks the fourth, and finally, the "technical factors" component with the factor weight of 0.920 ranks last. has had the components, in the following the results obtained and the prioritizations obtained were compared with the results of other studies and based on the accuracy of the validation and confirmation of the comparisons, the validity of the results was confirmed and in a general impression it should be said, contrary to the opinion of the majority Data-driven companies believe that the component of "technical factors" is the first rank in information security, but from the results obtained, this assumption was violated and the importance of the behavioral pattern of information security experts was confirmed, which is caused by laws, organizational structure, organizational culture and training. Is. Finally, with the help of the weight of the obtained components and indicators, after ranking and prioritizing the components and characteristics, suggestions were expressed to modify the behavioral pattern of information security experts.