IDEAS home Printed from https://ideas.repec.org/a/ids/ijbisy/v5y2010i1p34-57.html
   My bibliography  Save this article

Information security investment decisions: evaluating the Balanced Scorecard method

Author

Listed:
  • Linda J. Tallau
  • Manish Gupta
  • Raj Sharman

Abstract

Justifying security investments has been challenging for managers and executives alike for several well-published reasons. With the growing importance of security measures, companies are increasing the share of security investments in their overall Information Technology (IT) budgets. This paper presents a practical application of the Balanced Scorecard method in evaluating the investment decisions made on the acquisition of security technologies by an organisation. The research shows that this methodology can be used effectively in comparative analysis situations where two or more investments are being considered using a set of best choices per organisational goal. The proposed methodology incorporates the percentages of financial, customer, business and growth goals defined in a set of metrics and places a weighted value on those percentages to achieve an overall percentage of met goals. The research is carried out in a US-based large public university's IT division.

Suggested Citation

  • Linda J. Tallau & Manish Gupta & Raj Sharman, 2010. "Information security investment decisions: evaluating the Balanced Scorecard method," International Journal of Business Information Systems, Inderscience Enterprises Ltd, vol. 5(1), pages 34-57.
  • Handle: RePEc:ids:ijbisy:v:5:y:2010:i:1:p:34-57
    as

    Download full text from publisher

    File URL: http://www.inderscience.com/link.php?id=29479
    Download Restriction: Access to full text is restricted to subscribers.
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Tejaswini C. Herath & Hemantha S. B. Herath & David Cullum, 2023. "An Information Security Performance Measurement Tool for Senior Managers: Balanced Scorecard Integration for Security Governance and Control Frameworks," Information Systems Frontiers, Springer, vol. 25(2), pages 681-721, April.
    2. Kemendi Agnes & Michelberger Pal, 2024. "Process security methods and measurement in the context of standard management systems," Engineering Management in Production and Services, Sciendo, vol. 16(2), pages 148-165.
    3. Jürgen Harrer & Andreas Wald, 2016. "Levers of enterprise security control: a study on the use, measurement and value contribution," Journal of Management Control: Zeitschrift für Planung und Unternehmenssteuerung, Springer, vol. 27(1), pages 7-32, February.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    2. Bin Srinidhi & Jia Yan & Giri Kumar Tayi, 2008. "Firm-level Resource Allocation to Information Security in the Presence of Financial Distress," Working Papers 2008-17, School of Economic Sciences, Washington State University.
    3. Jaume Belles‐Sampera & Montserrat Guillén & Miguel Santolino, 2014. "Beyond Value‐at‐Risk: GlueVaR Distortion Risk Measures," Risk Analysis, John Wiley & Sons, vol. 34(1), pages 121-134, January.
    4. Adam Behrendt & Vineet M. Payyappalli & Jun Zhuang, 2019. "Modeling the Cost Effectiveness of Fire Protection Resource Allocation in the United States: Models and a 1980–2014 Case Study," Risk Analysis, John Wiley & Sons, vol. 39(6), pages 1358-1381, June.
    5. Aniruddha Bagchi & Tridib Bandyopadhyay, 2018. "Role of Intelligence Inputs in Defending Against Cyber Warfare and Cyberterrorism," Decision Analysis, INFORMS, vol. 15(3), pages 174-193, September.
    6. Lu Xu & Yanhui Li & Qi Yao, 2022. "Information security investment and purchase decision for personalized products," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(6), pages 2619-2635, September.
    7. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2016. "Mandatory Standards and Organizational Information Security," Information Systems Research, INFORMS, vol. 27(1), pages 70-86, March.
    8. Daniel Schatz & Rabih Bashroush, 2017. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 19(5), pages 1205-1228, October.
    9. Fang Fang & Manoj Parameswaran & Xia Zhao & Andrew B. Whinston, 2014. "An economic mechanism to manage operational security risks for inter-organizational information systems," Information Systems Frontiers, Springer, vol. 16(3), pages 399-416, July.
    10. Guang Zhu & Hu Liu & Mining Feng, 2018. "An Evolutionary Game-Theoretic Approach for Assessing Privacy Protection in mHealth Systems," IJERPH, MDPI, vol. 15(10), pages 1-27, October.
    11. Yong Wu & Gengzhong Feng & Richard Y. K. Fung, 2018. "Comparison of information security decisions under different security and business environments," Journal of the Operational Research Society, Taylor & Francis Journals, vol. 69(5), pages 747-761, May.
    12. Gurvirender P.S. Tejay & Babak Shoraka, 2011. "Reducing cyber harassment through de jure standards: a study on the lack of the information security management standard adoption in the USA," International Journal of Management and Decision Making, Inderscience Enterprises Ltd, vol. 11(5/6), pages 324-343.
    13. Hamid Mohtadi & Swati Agiwal, 2012. "Optimal Security Investments and Extreme Risk," Risk Analysis, John Wiley & Sons, vol. 32(8), pages 1309-1325, August.
    14. Kjell Hausken, 2014. "Returns to information security investment: Endogenizing the expected loss," Information Systems Frontiers, Springer, vol. 16(2), pages 329-336, April.
    15. Alessandro Mazzoccoli, 2023. "Optimal Cyber Security Investment in a Mixed Risk Management Framework: Examining the Role of Cyber Insurance and Expenditure Analysis," Risks, MDPI, vol. 11(9), pages 1-14, August.
    16. Schilling, Andreas & Werners, Brigitte, 2016. "Optimal selection of IT security safeguards from an existing knowledge base," European Journal of Operational Research, Elsevier, vol. 248(1), pages 318-327.
    17. Lawrence A. Gordon & Martin P. Loeb, 2006. "Economic aspects of information security: An emerging field of research," Information Systems Frontiers, Springer, vol. 8(5), pages 335-337, December.
    18. Alessandro Mazzoccoli & Maurizio Naldi, 2022. "An Overview of Security Breach Probability Models," Risks, MDPI, vol. 10(11), pages 1-29, November.
    19. Mayadunne, Sanjaya & Park, Sungjune, 2016. "An economic model to evaluate information security investment of risk-taking small and medium enterprises," International Journal of Production Economics, Elsevier, vol. 182(C), pages 519-530.
    20. Yosra Miaoui & Noureddine Boudriga, 2019. "Enterprise security investment through time when facing different types of vulnerabilities," Information Systems Frontiers, Springer, vol. 21(2), pages 261-300, April.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:ids:ijbisy:v:5:y:2010:i:1:p:34-57. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sarah Parker (email available below). General contact details of provider: http://www.inderscience.com/browse/index.php?journalID=172 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.