تحلیل ساختارمند شاخص ایمنی در امنیت و پدافند سایبری سازمان های دانش بنیان کشور

نوع مقاله : مقاله پژوهشی

نویسندگان

1 دانشجوی دکتری رشته مدیریت فناوری اطلاعات، دانشگاه آزاد اسلامی، واحد تهران جنوب، تهران، ایران

2 استادیار گروه مدیریت فناروی اطلاعات، دانشکده مدیریت، دانشگاه ازاد اسلامی، واحد تهران جنوب، تهران، ایران

3 استادیار گروه مدیریت صنعتی، دانشکده مدیریت، دانشگاه ازاد اسلامی، واحد تهران جنوب، تهران، ایران

4 استادیار پژوهشی پژوهشکده امنیت، پژوهشگاه ارتباطات و فناوری اطلاعات، تهران، ایران

چکیده

گسترش حملات و انواع تهدیدات در فضای سایبری در سازمان‌های داده‌محور و دانشی باعث شده، توجه به مسئله امنیت و پدافند سایبری در سازمان‌های دانش‌بنیان بعنوان یک مسئله بسیار مهم و راهبردی مطرح گردد. این موضوع نیازمند، تبیین نقشه‌راهی جامع جهت دستیابی به اهداف، از طریق عملکرد بهینه، در فرآیندهای اصلی سازمان می‌باشد. تحقیق حاضر به تحلیل ساختارمند شاخص­های ایمنی در امنیت و پدافند سایبری سازمان‌های دانش‌بنیان پرداخته است. پس از مشخص نمودن مولفه‌ها و زیرمولفه‌های اثرگذار با استفاده از روش‌های علمی (روش دلفی)، میزان اهمیت آنها توسط خبرگان مشخص گردید. مولفه‌های اثرگذار ترکیبی از مولفه‌های امنیت و پدافند سایبری می‌باشند. وجود انواع تهدیدات در فضای سایبری و نیز شرایط راهبردی کشور موجب شد، تا سه سازمان دانش‌بنیان"دانشگاه آزاد اسلامی واحد تهران جنوب، واحد علوم و تحقیقات و دانشگاه تهران که از لحاظ مسائل راهبردی و سایبری دارای اهمیت می‌باشند، مورد مطالعه قرار گیرند. میزان اهمیت مولفه‌های اثرگذار با نظرات خبرگان تعیین گردیده، میانگین هندسی بدست آمد و پس از وزن‌دهی مولفه‌ها تمامی مقادیر نرمال‌سازی شدند و با استفاده از الگوریتم تکاملی پرومیتی بعنوان یکی از روش‌های نوین تصمیم‌گیری هوشمند، مقایسه درون‌گروهی، میان‌گروهی مولفه‌های صورت پذیرفت و سپس اولویت‌بندی براساس جنس مولفه‌های میان‌گروهی امنیت و پدافند سایبری انجام پذیرفت. سازمان‌ها براساس اولویت‌بندی و میزان امتیاز رتبه‌بندی شده و مقرر گردید، با رعایت اصول راهبردی میزان امنیت و پدافند سایبری درون‌سازمانی را افزایش داده تا به حداکثر امنیت و کارایی سازمان‌ها در حوزه پدافند سایبری دست یابند. 

کلیدواژه‌ها


عنوان مقاله [English]

Systematic Analysis of Safety Indicator in Security and Cyber Defense of Knowledge-Based Organizations in the Iran

نویسندگان [English]

  • alireza alizadeh soodmand 1
  • Kiamarth Fathi Hafeshjani 2
  • Ashraf Shah Mansouri 3
  • Abuzar Arab Sorkhi 4
1 Department of Information Technology Management, Islamic Azad University, South Tehran Branch, Tehran, Iran
2 Department of Information Technology Management, Islamic Azad University, South Tehran Branch, Tehran, Iran
3 Department of Information Technology Management, Islamic Azad University, South Tehran Branch, Tehran, Iran
4 Research Assistant Professor, Security Research Institute, Communication and Information Technology Research Center, Tehran, Iran
چکیده [English]

The spread of attacks and various threats in the cyber space in data-oriented and knowledge-based organizations has caused attention to the issue of cyber security and defense in knowledge-based organizations as very important and strategic issue. This issue requires the explanation of comprehensive roadmap to achieve the goals through the optimal performance of the organization's main processes. The present research deals with the structured analysis of the safety index in security and cyber defense of knowledge-based organizations.After determining the sub-indicators and main influencing factors using scientific methods (Delphi method),their importance was determined by experts. Effective components are combination of security and cyber defense components.The existence of various threats and conditions in the country caused three knowledge-based organizations, "Islamic Azad University,South Tehran Branch, University Research Sciences Unit,and University of Tehran, which they are important in terms of strategic and cyber issues, to be studied. The importance of the influencing factors With the opinions of determined experts, the geometric mean was obtained, and after weighting the components, all values were normalized, using the evolutionary algorithm of Prometheus as one of the new decision-making methods,intra-group comparison of the components was carried out, and then the priority It was done based on the type of intergroup security and cyber defense components. The organizations were ranked based on priority and the amount of points and it was decided to increase the level of security and cyber defense within the organization in accordance with the strategic principles to achieve maximum security and efficiency of the system.
 

کلیدواژه‌ها [English]

  • Safety Index
  • Information Security
  • Cyber Defense
  • Prometheus Evolutionary Algorithm

Smiley face

[1]. United Nations Cybercrime Monitoring Center , “United Nations Cybercrime Monitoring Center report, in 2023,”. https://www.unodc.org/
[3]. Office Statistics and Information ICT Organization, “Annual Performance Report ICT Organization, Ministry ICT of Iran,  2023
[4]. Regulations on the Formation of Knowledge-Based Companies, Vice President for Science, Technology and Knowledge-Based Economy, Working Group on the Formation of KBC of Iran, 2023, https://daneshbonyan.isti.ir
[5].R.U, “Regulations for the Evaluation of Knowledge-Bbased Companies,” Vice President for Science, Technology and Knowledge-Based Economy, Department of Evaluation of KBC of Iran, 2023, https://daneshbonyan.isti.ir
[6]. Y. Omidi, “Effective factors in the success of commercialization of the products of internal knowledge-based companies studied in Pardis Technology Park,” master's degree (Islamic Azad University,” Science and Research Unit, Faculty of Management and Economics, Technology Management Field), pp. 32-78, 2021. (In Persian)
 [7].   M. Darzi ramandi, “Theoretical model of information security assessment in Iran's electronic government,” Doctoral thesis (Islamic Azad University, Science and Research Unit, Faculty of Management and Economics, Department of Information Technology Management - Smart Business), pp. 20-95, 2023. (In Persian)
[8]. Kh. Razikin, B. Soewito, “Cybersecurity decision support model to design information technology security system based on risk analysis and cybersecurity framework,”  Egyptian Informatics Journal 16 Marc. 2022.
 [9]. M.a, Chen. “Smart city and cyber-security; technologies used, leading challenges and future recommendations.” Energy Reports. 7. 10.1016/j.egyr.08.124, 2021.
[10]. M. Rahimi,  “Presentation of security (cyber) indicators for measuring the efficiency of the national information network,” supervisor: Mohammad Hadi Zahedi, consultant professor: Abbas Ali Rezaei, Payam Noor University, Bushehr Province, Payam Noor Center Asalouye, MA, 1.45-69, 2021.(In Persian)
[11]. A.M. Mahdavi, “Compilation of information security evaluation indicators of the organization.,”Al-Zahra University (S) - Faculty of Economics and Accounting. 12-75, 2012 (In Persian)
[12].  A. R. Alizadeh Soodmand, S. Najafi. “The strategic role of security in organizational information architecture. Journal of the Iranian Management Association. number 186. August and September 2016 (In Persian)
[13]. S. A. Qara, “Designing the evaluation model of cultural indicators of information security with Dimtel and Vicor method,” guided by Ehsan Sadeh; former Zain al-Abidin Amini consulting. Master's degree (Islamic Azad University, Science and Research Unit, Faculty of Management and Economics, Department of Information Technology Management - Information Resource Management). 2021 (In Persian)
[14]. M. Soori, “Optimizing supply chain resilience function using cyber-physical systems in automotive industry,” master's degree (Islamic Azad University, Science and Research Unit, Faculty of Management and Economics, Industrial Management - Production and Operations). 2022 (In Persian)
 [15]. M. Akhtari, M. A. Karamati, S. A. A. Mousavi, “Comparative comparison of cyber security and information security maturity models and statistics of common cyber security indicators,” passive defense, 13(4): 21-38. 2023. (In  persian). https://pd.ihu.ac.ir/issue_2201372_2201441.html
[16].  A. Noori, “Controller and viewer design in cyber-physical systems,” master's degree (Islamic Azad University. Science and Research Unit, Faculty of Mechanics, Electricity and Computers, Department of Electrical Engineering - Control); 22-88, 2022.
[17]. Sh Shahrivari, “Presenting a maturity model for information security governance in supply chain management,” master's thesis, Ministry of Science, Research, and Technology, Tarbiat Modares University, Faculty of Economic Affairs. P 1-26, 2021 (In Persian)
 [18]. Basel Katt, m, “Use of cyber attack and defense agents in cyber ranges: A case study,” Computers & Security27 August.P 42-86, 2022
[19]. Simon Yusuf Enoch,“A practical framework for cyber defense generation,” enforcement and evaluation, Computer Networks, 17 March, 2021
[20]. A.R. Pourabrahimi, “Getting to know the principles of environmental security in the field of information and communication technology,” Islamic Azad University, Electronic Department, 23-46, 2019 (In Persian)
[21]. M. R. Hafez Nia, Y. Safavi, M. Sharif; Gh.R. Jalali, “Designing a theoretical model of land preparation by applying the principles of passive defense,” Magazine: Defense Policy » Winter 2018 - Number 69 Scientific-Promotional Rating (Ministry of Science/ISC (38 pages - from 9 to 46), 2021 (In Persian)
[22]. Gh. Nezami., A. Mehri,“The role of non-active defense in the security of the country,” magazine: strategic attitude » July 2017 - number 92 (26 pages - from 187 to 212). 2021 (In Persian).
 [23]. Passive defense organization of Iran, “The country's cyber defense strategic document,” Group: passive defense. Islamic Republic of Iran Cyber Defense Base Working Group, Issue Date: 03/21/2014 (In Persian).
[24]. G. L. Stefanek, A.R. Pourabrahimi, translator,A. Toloi Ashlaqi, translator, “The best in information security,” Islamic Azad University, Electronic Unit, 18-89, 2019
[25].S.Rezvaneh, A.R. Pourabrahimi,“Security Considerations and Stability of Audio and Video Broadcasting in Cyber Space,” Year of Publication, Place of Publication: The First National Conference on Management, Ethics and Business. P. 21-49, 2018 (In Persian)
[26].H. Zarin Pham, H. Golpayegani, Beheshtinia, Idris; Responsible author: Ranjbar, Iraj; “Social capital and soft threats against the Islamic Republic of Iran,” Journal: Foreign Relations » Autumn, Number 51, Rank B (Ministry of Science/ISC (32 pages - from 661 to 692), 2021 (In Persian)
[27]. A. M. Nayini, “Comparative study of three threats: hard, semi-hard and soft.” Defense Strategy, 8(30), 157-177. SID. https://sid.ir/paper/194439/fa, 2021 (In Persian)
[28]. A. Taghipour, A. Mashayikhi, P. Ahmadi, “Dehrshid Measuring citizens' attitudes towards security in cyberspace with passive defense approach (case study: Damghan city,” Passive Defense Quarterly; 13(4): 39-53, 2022. (In Persian)
[29]. M.  Afshon, A. Eidi Sheikh Rabat, “Security Threats,” (Semi-Hard, Journal: Political Research » Summer, Number 13 (35 pages - from 113 to 147), 2014 (In Persian)
[30]. A. Motaghi Dastanain, “Soft threats against the national security of the Islamic Republic of Iran,” Journal: Psychological Operations Studies » Fall, Number 30 (13 pages - from 237 to 249), 2019 (In Persian)
[31]. A.a. Jaafari,M. Nikrosh, “Soft war in the context of cyber threats and security solutions,” Journal: Psychological Operations Studies » Winter and Spring 2011 and 2012 - Number 35 (20 pages - from 28 to 47), 2012 (In Persian)
[32].F. Kalantari, A.Eftekhari, “Examining and explaining the "threat versus threat" strategy in the defense policy of the Islamic Republic of Iran.” Defense Policy, 22(4 (ser. 88)), 63-90. SID. https://sid.ir/paper/261059/fa, 2014 (In Persian)
[33]. A.R. Pourabrahimi, D. Safarnejad, H.R. Kashif, “Cyber defense strategies of the Islamic Republic of Iran against the threats of psychological warfare,” publication: National Security Quarterly No. 22, Volume 6, 2016 (In Persian)
[34]. L.Abualigah, S. A. Diabat, Mirjalili, M. Abd Elaziz, A. H Gandomi, “The arithmetic optimization algorithm,” Computer methods in applied mechanics and engineering, 376, 113609, 2021 (In Persian)
[35]. A. Rajabi Mushtaghi, H. Hojjat, A. Toloui Ashlaghi, M. R, Modir, "Comparison and ranking of meta-heuristic algorithms using group decision-making methods", Strategic Management Quarterly in Industrial Systems (formerly Industrial Management), 16(58), pp. 65-79. doi: 10.30495/imj.2022.688625, 2021 (In Persian)