Security balanced scorecard
The following figure shows an illustrative scorecard of security objectives arranged
with relationships between them:
[Figure: illustrative security balanced scorecard. Perspectives: Customer
Perspective; Financial Perspective; Internal Processes; Learning and Growth.
Objectives shown: Guarantee good custodianship of Customer Data; Maintain a
good reputation with regard to security; Minimize cost of Fraud; Minimize cost
of Disaster Recovery; Minimize cost of security breaches; Minimize Time between
end of employment and accounts revoked; Maintain Availability of Systems;
Minimize Confidentiality; Align Security Strategy with Corporate Strategy;
Segregate Duties required to Authorize and Disperse Funds; Reduce Number of
Audit Issues for Security; Minimize Time between Change of Job and
Authorization Changes; Ensure Least Privileges are granted in order to perform
job; Appropriately Harden Systems; Maintain Risk Awareness Program; Document
Security Policies; Recruit Credentialed and experienced Security Professionals;
Remain current on technical and regulatory issues.]
The first thing that we will do when working with the Chief Security Officer is to
work on a balanced scorecard for the security function. We will help him come up
with metrics that show how well he is doing in addressing both the objectives of the
company and the information risks. In this example, the objectives are as follows:
• Customer perspective:
° Guarantee good custodianship of customer data
° Maintain a good reputation with regard to security
 