Balancing performance measures for information security management: A balanced scorecard framework

Industrial Management and Data Systems

Volumn 106, Issue 2, 2006, Pages 242-255

  Huang, Shi Ming ^a   Lee, Chia Ling ^a   Kao, Ai Chin ^a  

^a NATIONAL CHUNG CHENG UNIVERSITY   (Taiwan)

Author keywords

Balanced scorecard; Data security; Manufacturing industries; Performance measures; Taiwan

Indexed keywords

INFORMATION MANAGEMENT; INVESTMENTS; MANUFACTURE; PROJECT MANAGEMENT; SOCIETIES AND INSTITUTIONS;

MANUFACTURING INDUSTRY; PERFORMANCE INDICATORS; PERFORMANCE MEASURES;

SECURITY OF DATA;

EID: 33644586763     PISSN: 02635577     EISSN: None     Source Type: Journal    
DOI: 10.1108/02635570610649880     Document Type: Article

References (35)

1. Austin, R.D. and Darby, C. (2003), "The myth of secure computing", Harvard Business Review, Vol. 81 No. 6, pp. 120-6.
2. Becker, S.A. (2004), "A usability study of internet privacy policies for state and commercial websites", International Journal of Services and Standards, Vol. 1 No. 1, pp. 52-68.
3. British Standards Institution - BSI (1999), Information Security Management - Part 1, Code of Practice for Information Security Management, BS 7799-1, BSI Group, London.
4. British Standards Institution - BSI (2002), Information Security Management - Part 2, Specification for Information Security Management Systems, BS 7799-2, BSI Group, London.
5. Bryan, L.D. and Smith, A.D. (2005), "Exploring prevention and perpetrator aspects concerning employee fraud in organisations", International Journal of Management and Enterprise Development, Vol. 2 Nos 3/4, pp. 257-87.
6. Carini, B. and Morel, B. (2002), "Dynamics and equilibria of information security investment", paper presented at Workshop on Economics and Information Security, University of California, Berkeley, CA.
7. Computer Security Institute - CSI (2005), "2004 CSI/FBI Computer Crime and Security Survey", Computer Security Institute Publications, Washington, DC, available at: http://i.cmpnet.com/gocsi/dbarea/pdfs/fbi/FBI2004. pdf.
8. Eloff, M.M. and Von Solms, S.H. (2000), "Information security management: an approach to combine process certification and product evaluation", Computers & Security, Vol. 19 No. 8, pp. 698-709.
9. European Software Institute - ESI (2004), Balanced IT Scorecard (BITS), European Software Institute, Zamudio, available at: www.esi.es/en/Technologies/ iBITS.html.
10. Foltz, C.B., Cronan, T.P. and Jones, T.W. (2005), "Have you met your organization's computer usage policy?", Industrial Management & Data Systems, Vol. 105 No. 2, pp. 137-46.
11. Garg, A., Curtis, J. and Halper, H. (2003), "Quantifying the financial impact of IT security breaches", Information Management & Computer Security, Vol. 11 No. 2, pp. 74-83.
12. General Accounting Office - GAO (2004), Information Security Risk Assessment: Practices of Leading Organizations, Accounting and Information Management Division, United States General Accounting Office, Washington, DC, available at: www.gao.gov/special.pubs/ai00033.pdf.
13. Gordon, L.A. and Loeb, M.P. (2001), "Using information security as a response to competitor analysis systems", Communications of the ACM, Vol. 44 No. 9, pp. 70-5.
14. Hair, J.F., Anderson, R.E., Tatham, R.L. and Black, W.C. (1998), Multivariate Data Analysis, 5th ed., Prentice-Hall, Englewood Cliffs, NJ.
15. Information Systems Audit and Control Association - ISACA (2004), Control Objectives for Information and Related Technology (COBIT), Information Systems Audit and Control Association, Chicago, IL, available at: www.isaca.org.
16. Ittner, C.D. and Larcker, D.F. (2003), "Coming up short on nonfinancial performance measurement", Harvard Business Review, Vol. 81 No. 11, pp. 88-95.
17. Jun, M. and Cai, S. (2003), "Key obstacles to EDI success: from the US small manufacturing companies' perspective", Industrial Management & Data Systems, Vol. 103 No. 3, pp. 192-203.
18. Kaplan, R.S. and Norton, D.P. (2001), "Transforming the balanced scorecard from performance measurement to strategic management: Part I", Accounting Horizons, Vol. 15 No. 1, pp. 87-104.
19. Kaplan, R.S. and Norton, D.P. (2004), Strategy Maps: Converting Intangible Assets into Tangible Outcomes, 1st ed., Harvard Business School Publishing Corp., Boston, MA.
20. KPMG (2000), Information Security Survey 2000, KPMG International, Sydney.
21. Kros, J.R., Foltz, C.B. and Metcalf, C.L. (2004), "Assessing & quantifying the loss of network intrusion", Journal of Computer Information Systems, Vol. 45 No. 2, pp. 36-43.
22. Kundu, S.C. (2004), "Impact of computer disasters on information management: a study", Industrial Management & Data System, Vol. 104 No. 2, pp. 136-43.
23. Lawshe, C.H. (1975), "A quantitative approach to content validity", Personnel Psychology, Vol. 28, pp. 564-75.
24. Leem, C.S. and Kim, I. (2004), "An integrated evaluation system based on the continuous improvement model of IS performance", Industrial Management & Data Systems, Vol. 104 No. 2, pp. 115-28.
25. McIntosh, J.C. and Baron, J.P. (2005), "Mobile commerce's impact on today's workforce: issues, impacts and implications", International Journal of Mobile Communications, Vol. 3 No. 2, pp. 99-113.
26. Martinsons, M., Davison, R. and Tse, D. (1999), "The balanced scorecard: a foundation for the strategic management of information systems", Decision Support Systems, Vol. 25 No. 1, pp. 71-88.
27. May, C. (2003), "Dynamic corporate culture lies at the heart of effective security strategy", Computer Fraud & Security, Vol. 5, pp. 10-13.
28. Morgan, R.E. and Strong, C.A. (2003), "Business performance and dimensions of strategic orientation", Journal of Business Research, Vol. 56 No. 3, pp. 163-76.
29. Organisation for Economic Co-operation and Development - OECD (2002), OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, OECD Publications, Washington, DC.
30. Purser, S.A. (2004), "Improving the ROI of the security management process", Computers & Security, Vol. 23, pp. 542-6.
31. Ross, J.W., Beath, C.M. and Goodhue, D.L. (1996), "Develop long-term competitiveness through IT assets", MIT Sloan Management Review, Vol. 38 No. 1, pp. 31-42.
32. Santhanam, R. and Hartono, E. (2003), "Issues in linking information technology capability to firm performance", MIS Quarterly, Vol. 27 No. 1, pp. 125-53.
33. Trček, D. (2003), "An integral framework for information systems security management", Computers & Security, Vol. 22 No. 4, pp. 337-60.
34. Wade, M. and Hulland, J. (2004), "Review: the resource-based view and information systems research: review, extension, and suggestions for future research", MIS Quarterly, Vol. 28 No. 1, pp. 107-42.
35. Wright, M. (1999), "Third generation risk management practices", Computer Fraud & Security, Vol. 2, pp. 9-12.