Security balanced scorecard
The following figure shows an illustrative scorecard of security objectives arranged with relationships between them:
The first thing we will do when working with the Chief Security Officer is build a balanced scorecard for the security function. We will help him come up with metrics that show how well he is addressing both the company's objectives and its information risks. In this example, the objectives are as follows:
Customer perspective:
Guarantee good custodianship of customer data
Maintain a good reputation with regard to security
Financial perspective:
Minimize the cost of security breaches
Minimize the cost of fraud
Minimize the cost of disaster recovery
Process perspective:
Maintain confidentiality
Minimize the time between a job change and authorization changes
Minimize the time between end of employment and revocation of accounts
Segregation of duties required to authorize and dispense funds
Align security with corporate strategy
Appropriately...