Figure no. 1: Balanced Scorecard (Source: Kaplan & Norton, 1992)

The BSC has undergone several iterative developments since its first release. Part of the framework's development was its extension to other fields, as the IT BSC and the IT and cybersecurity BSC. The IT BSC (Van Grembergen, 2000) follows the original structure by analogy, with the User Orientation, Business Contribution, Operational Excellence, and Future Orientation perspectives led by the business strategy. The User Orientation perspective represents the IT user assessment, and the Operational Excellence perspective comprises the IT processes used to develop and deliver applications. The Future Orientation perspective covers the human and technological resources needed to provide IT and services, while the Business Contribution perspective captures the business value of IT investments. Unsurprisingly, the security BSC (Herath, Herath, & Bremser, 2010) parallels the IT BSC. The security BSC has the Business Value perspective, the Stakeholder Orientation perspective, the Internal Processes perspective, and the Future Readiness perspective. Business value is provided by ensuring confidentiality, availability, integrity, authenticity, and non-repudiation. Stakeholder consideration


Source publication
In the current social and economic processes, information and communication services play a decisive role, changing several entities’ operations. The growing dependence that has developed over the last two decades made the security needs introduced political will, which has resulted in an iterative evolution of the regulatory environment. Hence, th...

Similar publications

Enterprise Architecture plays a critical role in reducing business risks holistically and ensuring a company's resilience to cyber security threats. This abstract emphasizes the significance of Enterprise Architecture in contemporary organizational structures and its influence on these matters, particularly at a time when cybersecurity threats are...
The era of digitization and computers has already arrived. The enormous coverage of cyberspace has changed the way of overall major and minor aspects of the life of doing and looking over things. Most of our processes aims and future planning are now partially or fully dependent on technology. Thus, being new to this technology-driven and dominated...

Citations

In current socio-economic processes, info-communication services play a determining role, modifying the activities of certain actors. The growing dependence that has developed over the past two decades has imposed the need to give political will to security, which has led to an iterative evolution of the regulatory environment. Therefore, the regulatory framework requires certain entities to develop safeguards including controls that enhance both prevention and response in a manner commensurate with the business value of the information to be protected. However, due to the nature of cybersecurity, developing such countermeasures is not the task of a standalone organization but all entities in cyberspace in a wide range, from individuals to the public sector. Therefore, each entity involved must design protection capabilities in a manner commensurate with the risk, which requires strategic tools and methods and drives organizations to learn from their security incidents. Following our previous paper “Business strategy analysis of cybersecurity incidents” (Bederna et al.) on the topic, this paper reviews the essential formal security strategy formulation tools applied in the cases of Yahoo! and Estonia. Both are based on publicly available information. The analysis confirms the importance of managements’ or the government’s attitude and support for solving cybersecurity challenges.