Information security of Web-based systems in Iran Institution of public libraries

Purpose: This paper aims to evaluate the security of web-based information systems of Iran Public Libraries Foundation (IPLF). Methodology: Survey method was used as a method for implementation. The tool for data collection was a questionnaire, based on the standard ISO/IEC 27002, that has the eleven indicators and 79 sub-criteria, which examines security of web-based information systems of IPLF. Four web-based systems of IPLF evaluated. Evaluation criteria includes: Security Policy; Organization of information security; Asset management; human resources security; physical and environmental security; communications and operations management; access control; Information systems acquisition, development and maintenance; Information security incident management; business continuity management, and compliance. Findings: Results show that security level of "Reading grid system" and "my book system" with an average of 0/68 was high. Security level of “Payam Mashregh system” and “Farzin statistical system” with an average of 0/60 and 0/53 was middle. Indicators such as "business continuity management", “prepare, develop and maintain information systems' strongest points”, “information security policy” and “information security organization” are among the most vulnerable areas of information security systems of IPLF And there were significant differences between viewpoints of experts about indicators of Information Security systems of IPLF. Originality/value: We designed a systematic approach for the immunization of data exchange environment by evaluating web-based systems of IPLF by some criteria derived from accepted information security management standards. This article identified the strengths and vulnerabilities of the mentioned systems.