A Conceptual Framework for Securing Information Systems in Organizations Based on Methasynthesis Approach

Security of information systems is a critical issue that many organizations facing today, and includes three dimensions of human, technical and process. There are also some technical attitudes and approaches in most studies in this area. The purpose of this study is to provide a new model that addresses the security requirements for dealing with threats and fixing vulnerabilities in all three dimensions. Therefore, 255 articles were reviewed using the above-mentioned approach. After evaluation, 76 articles were approved for final examination and extraction of codes. Of these articles, 47 threats in 8 categories; 31 vulnerabilities in 8 floors; 15 human requirements; 34 technical requirements in 7 general categories and 17 process requirements. Finally, security requirements for dealing with each threat and fixing the vulnerabilities were selected and presented as a comprehensive framework. The greatest number of threats related to criminal activities / abuses and the lowest frequency is for human challenges. Among vulnerabilities, the highest frequency is related to the occurrence of criminal activity / abuse and the lowest frequency is related to weakness in failure / failure control. The most important human requirement is the development and implementation of training programs in the field of information security, the most technical requirements related to Information security mechanisms and systems, and the most important requirement is for the process of drafting laws, guidelines, instructions and Security requirements of information systems in the organization.