Creating a Balanced Scorecard for Computer Security

Abstract

Information assurance includes the monitoring and controlling of the various aspects of an organization's computer security systems. This paper outlines various approaches to define the measures or metrics that can be used to reliably describe the organization's current IA posture and introduces the use of the balanced scorecard for computer security. The balanced scorecard is most commonly used to monitor and control business elements by looking at them from four important perspectives: customer, financial, internal processes, and innovation and growth. This paper proposes a comparable approach for managing computer security by looking at security mechanisms from the perspectives of the users, owners, regulators, and system administrators