Enterprise Information Security Assessment Using Balanced Scorecard

摘要

The paper deals with an algorithm of an enterprise balanced score-card development and implementation. The balanced score card provides comprehensive assessment of all aspects of an enterprise thus resulting in its control as a whole. The approach has several advantages: it gives a complete vision of the processes at the enterprise administration disposal; it helps to avoid critical situations and security breaches, in particular, unauthorized access; it facilitates interaction at all organizational levels and ensures understanding of strategic goals by all participants in the production process. Using enterprise production process as an example the description was given to strategic goals, objectives, critical indicators and strategy map of their interrelations in order to reduce the amount of damage from unauthorized access and other security violations as well as to enhance the production process. To minimize the impact of intrusions on the enterprise productivity the set of countermeasures was elaborated. Indicators changes due to the above measures and expressed in the form of their additive convolution were evaluated and compared under different states of the system. Measures efficiency with regards to information security is assessed according to the values obtained. The measures make also possible monitoring downtime and working time at the enterprise, reducing the risk of intentional equipment damage including that due to unauthorized access, and achieving strategic goals.