Balancing performance measures for information security management. A balanced scorecard framework
| Pages | 242-255 |
| DOI | https://doi.org/10.1108/02635570610649880 |
| Date | 01 February 2006 |
| Published date | 01 February 2006 |
| Author | Shi‐Ming Huang,Chia‐Ling Lee,Ai‐Chin Kao |
| Subject Matter | Economics,Information & knowledge management,Management science & operations |
Balancing performance measures
for information security
management
A balanced scorecard framework
Shi-Ming Huang and Chia-Ling Lee
Department of Accounting and Information Technology, Chung-Chen
University, Chiayi, Taiwan, Republic of China, and
Ai-Chin Kao
Department of Information Management, Chung-Chen University, Chiayi,
Taiwan, Republic of China
Abstract
Purpose – To provide useful references for manufacturing industry which guide the linkage of
business strategies and performance indicators for information security projects.
Design/methodology/approach – This study uses balanced scorecard (BSC) framework to set up
performance index for information security management in organizations. Moreover, BSC used is to
strengthen the linkage between foundational performance indicators and progressive business
strategy theme.
Findings – The general model of information security management builds thestrategy map with 12
strategy themes and 35 key performance indicators are established. The development of strategy map
also express how to link strategy themes to key performance indicators.
Research limitations/implications – The investigation of listed manufacturing companies in
Taiwan may limit the application elsewhere.
Practical implications – Traditional performance measurement system like return on investment,
sales growth is not enough to describe and manage intangible assets. This study based on BSC to
measure information security management performance can provide the increasing value from
improving measures and management insight in modern business.
Originality/value – This study combines the information security researches and organizational
performance studies. The result helps organizations to assess values of information security projects
and consider how to link projects performance to business strategies.
Keywords Data security, Performance measures, Balancedscorecard, Manufacturing industries,
Taiwan
Paper type Research paper
Introduction
In e-business era, business operation depends highly on information systems (IS).
However, the rising information security incidents caused huge loss year after year
(CSI, 2005; Garg et al., 2003; Kros et al., 2004). Therefore, it should be no surprise
that the expenditure on information security has become the priority in business
budgets. No doubt, when firms invest in projects of information security, they
have to assess the consequence of business returns. Also, linking information
security initiatives to financial investment may help firms to evaluate
The current issue and full text archive of this journal is available at
www.emeraldinsight.com/0263-5577.htm
IMDS
106,2
242
Industrial Management & Data
Systems
Vol. 106 No. 2, 2006
pp. 242-255
qEmerald Group Publishing Limited
0263-5577
DOI 10.1108/02635570610649880
To continue reading
Request your trial