Article: Information security investment decisions: evaluating the Balanced Scorecard method Journal: International Journal of Business Information Systems (IJBIS) 2010 Vol.5 No.1 pp.34 - 57 Abstract: Justifying security investments has been challenging for managers and executives alike for several well-published reasons. With the growing importance of security measures, companies are increasing the share of security investments in their overall Information Technology (IT) budgets. This paper presents a practical application of the Balanced Scorecard method in evaluating the investment decisions made on the acquisition of security technologies by an organisation. The research shows that this methodology can be used effectively in comparative analysis situations where two or more investments are being considered using a set of best choices per organisational goal. The proposed methodology incorporates the percentages of financial, customer, business and growth goals defined in a set of metrics and places a weighted value on those percentages to achieve an overall percentage of met goals. The research is carried out in a US-based large public university|s IT division. Inderscience Publishers - linking academia, business and industry through research

Title: Information security investment decisions: evaluating the Balanced Scorecard method

Authors: Linda J. Tallau, Manish Gupta, Raj Sharman

Addresses: Department of Management Science and Systems, School of Management, State University of New York, Buffalo, NY 14260, USA. ' Department of Management Science and Systems, School of Management, State University of New York, Buffalo, NY 14260, USA. ' Department of Management Science and Systems, School of Management, State University of New York, Buffalo, NY 14260, USA

Abstract: Justifying security investments has been challenging for managers and executives alike for several well-published reasons. With the growing importance of security measures, companies are increasing the share of security investments in their overall Information Technology (IT) budgets. This paper presents a practical application of the Balanced Scorecard method in evaluating the investment decisions made on the acquisition of security technologies by an organisation. The research shows that this methodology can be used effectively in comparative analysis situations where two or more investments are being considered using a set of best choices per organisational goal. The proposed methodology incorporates the percentages of financial, customer, business and growth goals defined in a set of metrics and places a weighted value on those percentages to achieve an overall percentage of met goals. The research is carried out in a US-based large public university|s IT division.

Keywords: business information systems; security metrics; balanced scorecard; BSC; security investments; return-on-security investments; intrusion detection systems; IDS; security economics; organisational security; information technology; budgeting; comparative analysis; higher education; universities; USA; United States.

DOI: 10.1504/IJBIS.2010.029479

International Journal of Business Information Systems, 2010 Vol.5 No.1, pp.34 - 57

Published online: 30 Nov 2009 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Information security investment decisions: evaluating the Balanced Scorecard method

Keep up-to-date