Educause Security Discussion mailing list archives
Balanced Scorecard metrics for Information Security (Policy) group
From: James H Moore <jhmfa () RIT EDU>
Date: Tue, 6 Jun 2006 10:15:32 -0400
Our division (Finance and Administration) has adopted the "Balanced Scorecard" (http://www.balancedscorecard.org/basics/bsc1.html) as a management system. It has 4 main components: * The Learning and Growth Perspective <https://mymail.rit.edu/exchange/jhmfa/Drafts/RE:%20%5BSECURITY%5D%20Email%20formats.EML/learning.html> * The Business Process Perspective <https://mymail.rit.edu/exchange/jhmfa/Drafts/RE:%20%5BSECURITY%5D%20Email%20formats.EML/process.html> * The Customer Perspective <https://mymail.rit.edu/exchange/jhmfa/Drafts/RE:%20%5BSECURITY%5D%20Email%20formats.EML/customer.html> * The Financial Perspective <https://mymail.rit.edu/exchange/jhmfa/Drafts/RE:%20%5BSECURITY%5D%20Email%20formats.EML/financial.html> I know that CIO magazine discussed its use in IT in an article in 2002. (http://www.cio.com/archive/051502/scorecard.html ) I am stuck. Our office is primarily a strategy, policy and education office (with a small amount of risk assessment andinvestigations leadership) -- 4 people incl 1 student worker.. I am trying to come up with meaningful metrics in these areas. With education we can measure some customer satisfaction. We can do some things (but I am not sure what, yet) with the Learning and Growth perspective from lessons learned from incidents. I have been told that other universities are using the "Balanced Scorecard". Anyone else in a like position willing to share their metrics? Anyone not using balanced scorecard that is willing to share their security metrics? Will summarize to this group. Thanks, Jim - - - Jim Moore, CISSP, IAM Information Security Officer Rochester Institute of Technology 13 Lomb Memorial Drive Rochester, NY 14623-5603 (585) 475-5406 (office) (585) 475-4122 (lab) (585) 475-7950 (fax) "We will have a chance when we are as efficient at communicating information security best practices, as hackers and criminals are at sharing attack information" - Peter Presidio
Current thread:
- Balanced Scorecard metrics for Information Security (Policy) group James H Moore (Jun 06)