Title
Enhancing the quality of Information security system control :
Publisher
Tayssir Nabeih Seif ,
Author
Tayssir Nabeih Seif
Publication date
2019
Number of pages
196 Leaves :
Index
Only 14 pages are available for public view

from 224

Abstract

The protection of information is of utmost importance for enterprises. Throughout the years, enterprises have experienced numerous system losses which have had a direct impact on their most valuable asset and information. Therefore, enterprises must find ways to make sure that the appropriate and most effective information security controls are implemented in order to protect their critical or most sensitive classified information. Information security control selection methods have been employed in the past, including risk analysis and management, baseline manuals, or random approaches. These methods may not ensure the inclusion of required/necessary controls or the exclusion of unnecessary controls. The research is based on the information security standards ISO/IEC 27001 and ISO/IEC 27002:2013 to investigate the effective use before and after improvement to measure the readiness of information security of the enterprise. Also, the management system is the framework of processes and procedures used to ensure that an enterprise can fulfill all tasks required to achieve its objectives of information security. The Six Sigma DMAIC methodology (Define, Measure, Analyze, Improve and Control) is applied, and mathematical calculation and computer tools are also used. The work concentrated on four main domains: Technology, Organization, People and Environment, a scope for structural dimension and five levels. The developed information security assessment model could be used by enterprises for expressing the assurance level of their information security management system depending on the protection controls of the ISO/IEC 27002 information security management standard.