مونا ونکی - Ph.D. Candidate in IT, Allameh Tabatab’i University, Tehran, Iran
محمدرضا تقوا - Associate Prof. in Industrial Management, Allameh Tabatab’i University, Tehran, Iran
محمد تقی تقوی فرد - Associate Prof. in Industrial Management, Allameh Tabatab’i University, Tehran, Iran
کامران فیضی - Prof. in Industrial Management, Allameh Tabatab’i University, Tehran, Iran

According to the complexity and differences between Iranian banks and other developed countries the appropriate actions to implement effective security management of information technology have not been taken. The aim of this study was to create a powerful model by selecting the appropriate security controls to protect information assets in the bank. In this model, at first the principle set fort in ISO standard ۲۷۰۰۱, was extracted and then by further studies derived from best practices carried out in the world on the related subject from ۲۰۰۸ to ۲۰۱۶ using a qualitative descriptive method), points comply with information security management in the banking industry were added to it. With the study of Iranian banks in dealing with IT security management system and with help of action research tools, provisions which prevent the actual implementation of this standard was removed and finally a conceptual model with operating instructions and considering all the principles of information security management standard, as well as banking institutions focusing on the characteristics of Iran was proposed.

Asset, Banking, Information security management system certification, ISO ۲۷۰۰۱ standard