have become a vital factor for organizational development and competitive advantage in
a global world. Many standards, policies, regulations, information security assessment
methodologies and assessment tools have been developed for organizations. In this
respect, organizations can implement information security approaches according to
standards and revise their information security approaches in accordance with
assessment tools, and they can also take countermeasures against determined risks as
well.
In light of the information above, this study evaluates the information
security level of a defense industry organization where the ISO 27001 Information
Security Standard has been fully implemented, as well as the information security
approaches mainly used due to the nature of the organization.
2 Information Security and Developments in Turkey
Information security is one of the most important components for many organizations
that achieve their organizational goals via information technologies and information
systems. Blakley, McDermott and Geer [1] state that the emergence of new risks
associated with technological developments has a huge effect on organizational
approaches to information security. They also indicate that risk assessments for
information systems should be carried out by organizations. As many researchers,
governmental organizations and their reports have demonstrated, organizations should
take the lead in evaluating and assessing their own information security applications
and approaches and in determining organizational risks.
There are many definitions of information security in the field of organizational
knowledge management and library and information science. One of these definitions
emphasized that “information security is collective efforts that are made for security
of information processing, protection for unauthorized access, long term preservation,
migration, emulation and storage of data/information in electronic environments” [2].
Furthermore, it can be inferred that information security is not only a term about
technology but is also about organizational identity. Studies on this topic assert
that information security is important for all work processes, such as the creation,
processing and storage of information, as well as in information systems [3], [4].
The term information security was mentioned and described in Turkey for the first
time in 2005 with the publication of the "e-Transformation Turkey Project Principles of
Interoperability Guide" [5]. The Guide identifies the main aims of information
security as protecting information processed throughout the information life cycle (in
the capture, creation, usage, storage, transmission and destruction phases) within the
organization and providing the privacy, integrity and accessibility of information
transmitted between organizations. Security and privacy of personal information was
also considered to be one of the main themes in the “Information Society Strategy Action
Plan (2006-2010)”, which was published by the Ministry of Development. Some
important points covered in the plan are listed below: