IDEAS home Printed from https://ideas.repec.org/a/ids/ijbisy/v5y2010i1p34-57.html
   My bibliography  Save this article

Information security investment decisions: evaluating the Balanced Scorecard method

Author

Listed:
  • Linda J. Tallau
  • Manish Gupta
  • Raj Sharman

Abstract

Justifying security investments has been challenging for managers and executives alike for several well-published reasons. With the growing importance of security measures, companies are increasing the share of security investments in their overall Information Technology (IT) budgets. This paper presents a practical application of the Balanced Scorecard method in evaluating the investment decisions made on the acquisition of security technologies by an organisation. The research shows that this methodology can be used effectively in comparative analysis situations where two or more investments are being considered using a set of best choices per organisational goal. The proposed methodology incorporates the percentages of financial, customer, business and growth goals defined in a set of metrics and places a weighted value on those percentages to achieve an overall percentage of met goals. The research is carried out in a US-based large public university's IT division.

Suggested Citation

  • Linda J. Tallau & Manish Gupta & Raj Sharman, 2010. "Information security investment decisions: evaluating the Balanced Scorecard method," International Journal of Business Information Systems, Inderscience Enterprises Ltd, vol. 5(1), pages 34-57.
  • Handle: RePEc:ids:ijbisy:v:5:y:2010:i:1:p:34-57
    as

    Download full text from publisher

    File URL: http://www.inderscience.com/link.php?id=29479
    Download Restriction: Access to full text is restricted to subscribers.
    ---><---

    As the access to this document is restricted, you may want to search for a different version of it.

    References listed on IDEAS

    as
    1. Kjell Hausken, 2006. "Returns to information security investment: The effect of alternative information security breach functions on optimal investment and sensitivity to vulnerability," Information Systems Frontiers, Springer, vol. 8(5), pages 338-349, December.
    Full references (including those not matched with items on IDEAS)

    Citations

    Citations are extracted by the CitEc Project, subscribe to its RSS feed for this item.
    as


    Cited by:

    1. Tejaswini C. Herath & Hemantha S. B. Herath & David Cullum, 2023. "An Information Security Performance Measurement Tool for Senior Managers: Balanced Scorecard Integration for Security Governance and Control Frameworks," Information Systems Frontiers, Springer, vol. 25(2), pages 681-721, April.
    2. Kemendi Agnes & Michelberger Pal, 2024. "Process security methods and measurement in the context of standard management systems," Engineering Management in Production and Services, Sciendo, vol. 16(2), pages 148-165.
    3. Jürgen Harrer & Andreas Wald, 2016. "Levers of enterprise security control: a study on the use, measurement and value contribution," Journal of Management Control: Zeitschrift für Planung und Unternehmenssteuerung, Springer, vol. 27(1), pages 7-32, February.

    Most related items

    These are the items that most often cite the same works as this one and are cited by the same works as this one.
    1. Guizhou Wang & Jonathan W. Welburn & Kjell Hausken, 2020. "A Two-Period Game Theoretic Model of Zero-Day Attacks with Stockpiling," Games, MDPI, vol. 11(4), pages 1-26, December.
    2. Anna Nagurney & Ladimer Nagurney, 2015. "A game theory model of cybersecurity investments with information asymmetry," Netnomics, Springer, vol. 16(1), pages 127-148, August.
    3. Seyed Alireza Hasheminasab & Behrouz Tork Ladani, 2018. "Security Investment in Contagious Networks," Risk Analysis, John Wiley & Sons, vol. 38(8), pages 1559-1575, August.
    4. Amitava Dutta & Rahul Roy, 2008. "Dynamics of organizational information security," System Dynamics Review, System Dynamics Society, vol. 24(3), pages 349-375, September.
    5. Bin Srinidhi & Jia Yan & Giri Kumar Tayi, 2008. "Firm-level Resource Allocation to Information Security in the Presence of Financial Distress," Working Papers 2008-17, School of Economic Sciences, Washington State University.
    6. Jaume Belles‐Sampera & Montserrat Guillén & Miguel Santolino, 2014. "Beyond Value‐at‐Risk: GlueVaR Distortion Risk Measures," Risk Analysis, John Wiley & Sons, vol. 34(1), pages 121-134, January.
    7. Levitin, Gregory & Hausken, Kjell & Taboada, Heidi A. & Coit, David W., 2012. "Data survivability vs. security in information systems," Reliability Engineering and System Safety, Elsevier, vol. 100(C), pages 19-27.
    8. Kjell Hausken & Jonathan W. Welburn, 2021. "Attack and Defense Strategies in Cyber War Involving Production and Stockpiling of Zero-Day Cyber Exploits," Information Systems Frontiers, Springer, vol. 23(6), pages 1609-1620, December.
    9. Adam Behrendt & Vineet M. Payyappalli & Jun Zhuang, 2019. "Modeling the Cost Effectiveness of Fire Protection Resource Allocation in the United States: Models and a 1980–2014 Case Study," Risk Analysis, John Wiley & Sons, vol. 39(6), pages 1358-1381, June.
    10. Alessandro Fedele & Cristian Roner, 2022. "Dangerous games: A literature review on cybersecurity investments," Journal of Economic Surveys, Wiley Blackwell, vol. 36(1), pages 157-187, February.
    11. Hee-Kyung Kong & Tae-Sung Kim & Jungduk Kim, 2012. "An analysis on effects of information security investments: a BSC perspective," Journal of Intelligent Manufacturing, Springer, vol. 23(4), pages 941-953, August.
    12. Aniruddha Bagchi & Tridib Bandyopadhyay, 2018. "Role of Intelligence Inputs in Defending Against Cyber Warfare and Cyberterrorism," Decision Analysis, INFORMS, vol. 15(3), pages 174-193, September.
    13. Lu Xu & Yanhui Li & Qi Yao, 2022. "Information security investment and purchase decision for personalized products," Managerial and Decision Economics, John Wiley & Sons, Ltd., vol. 43(6), pages 2619-2635, September.
    14. Liao, Chun-Hsiung & Chen, Chun-Wei, 2014. "Network externality and incentive to invest in network security," Economic Modelling, Elsevier, vol. 36(C), pages 398-404.
    15. Soumyo D. Moitra, 2014. "A Model for Estimating the Benefits from Network Security Systems," International Journal of Business Analytics (IJBAN), IGI Global, vol. 1(3), pages 1-20, July.
    16. Paul, Jomon A. & Zhang, Minjiao, 2021. "Decision support model for cybersecurity risk planning: A two-stage stochastic programming framework featuring firms, government, and attacker," European Journal of Operational Research, Elsevier, vol. 291(1), pages 349-364.
    17. Chul Ho Lee & Xianjun Geng & Srinivasan Raghunathan, 2016. "Mandatory Standards and Organizational Information Security," Information Systems Research, INFORMS, vol. 27(1), pages 70-86, March.
    18. David Iliaev & Sigal Oren & Ella Segev, 2023. "A Tullock-contest-based approach for cyber security investments," Annals of Operations Research, Springer, vol. 320(1), pages 61-84, January.
    19. Simon, Jay & Omar, Ayman, 2020. "Cybersecurity investments in the supply chain: Coordination and a strategic attacker," European Journal of Operational Research, Elsevier, vol. 282(1), pages 161-171.
    20. Daniel Schatz & Rabih Bashroush, 2017. "Economic valuation for information security investment: a systematic literature review," Information Systems Frontiers, Springer, vol. 19(5), pages 1205-1228, October.

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:ids:ijbisy:v:5:y:2010:i:1:p:34-57. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    If CitEc recognized a bibliographic reference but did not link an item in RePEc to it, you can help with this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: Sarah Parker (email available below). General contact details of provider: http://www.inderscience.com/browse/index.php?journalID=172 .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.