---

Standards in the field of IT security, due to the youthfulness of this area, it is relatively new, but the long history of standard processes, leading to a mature and efficient development of standards in this area. Several researches have been done in the field of information security that shows the breadth and complexity of information security, as well as, several standards has been developed in this field. Ignoring the information security is as open embrace risky on a variety of issues that may be faced in doing anything with it. Information security plays an important role in protecting the assets of the organization. As regards that no formula cannot guarantee complete security, however, need to a series of criteria and standards to achieve the appropriate level of information security resources to be used effectively and the best way to adopt security. Each of them has covered a specific aspect of security, and sometimes a set of standards to cover only one aspect of security. The adoption of information security standards, it must first be emphasized to match the original standard and note that proportionality is localized or they may create problems. The present research introduces the world deal with information security standards. It will be discussed that how to change views of information security in detail, and introduced a variety of tools and solutions.

---

Due to the increasing use of smartphones among different groups of users in society as well as various capabilities that mobile devices provide for users, ensuring the security of smartphones is very important. Distribution markets of apps compromises the security of smartphones. Appstores play an important role in ensuring the security of smartphones and, if security requirements will be followed then they can protect users against malware developers. For this purpose, it is essential to identify security risks for this part of the app ecosystems. In this document, security risks raised in the app ecosystem in the field of app distribution markets have been explained. 
 

---

Abstarct- The local search engine systems is one of the indicators of IT industry development in all countries. The safety of these systems arises according to its specific position, with providing users to access to right information in the least possible time. The most effective measures to secure this type of application are assessment and risk management in the early stage of software security. It consists of a set of steps that will help a software team in the applications management during the development process. In order to reduce the risk of this type of systems responce to risk approach is selected. The main objective of this article is assessment and risk management based on information collected from designed questionnaire. As well as to identify important risks, security controls and NIST methodology are used and the results of calculations of the risk level are provided on the basis of known fields.

---

The widespread use of information and communication technology in industrial control systems has exposed many cyber attacks to these systems. The first step in providing security solutions is to recognize the threats and vulnerabilities of a system at first. Therefore, in this work, after providing a general overview of the SCADA security, we provide a survey on actual cyber attacks from 2000 up to now. To be able to assess the risk of these attacks, we perform profiling them based on the target systems of the attack, the geographical area of it, the method used in the attack and its impact. This profiling provides a clear view of the most important security incidents in SCADA systems and could be useful in the defining suitable strategies for preventing and defending against the major SCADA security attacks.

---

The development of the country's infrastructure as an independent, safe and stable infrastructure is one of the strategic priorities of the country, the realization of which, in addition to the technological requirements in the field of information and communication technology, laying the foundation for the establishment, development and supply of various services and content of the country's cyber space, requires the provision of secure communications. And the vital infrastructure of the country is also stable.
Based on the conceptual model contained in the resolution of the 66th meeting of the Supreme Council of Cyberspace, the communication and information infrastructure of the country consists of a series of main modules, whose risk analysis is in line with the reversibility in accidents, protection against threats, monitoring and intelligent response from the basic needs of communication access. It is safe and secure. Due to the space limitations of this article, the author intends to explain how to achieve multi-sample risk analysis from these basic modules and then based on the results, how to exploit the emerging knowledge in the form of a diagram to identify the type of threat and its source and extract Explain the mentioned preventive requirements.