Explain the various metrics that should be included in an IT Balanced Scorecard
which specifically measures and evaluates IT-related activities.
A Balanced Scorecard is a management technique that is used to clarify the
strategy and vision of an organization and to turn that strategy into something
tangible that can be measured. The development of the Balanced Scorecard is
based on the prioritization of measurement, which is considered the most crucial
part of an organization. The priority is to make the balanced scorecard approach
a true management system that goes beyond a measurement system. The history of
the Balanced Scorecard goes back to Harvard Business School and to the way
companies were managed and business finances were measured. Two professors of
Harvard Business School, Kaplan and David Norton, recognized significant
shortcomings in treating finance as the imperative of business health. The
Balanced Scorecard was developed as a solution to this problem, and its basic
objective is to translate corporate strategy into a mission and objectives that
can be measured (Fooladvand, Yarmohammadian, & Shahtalebi, 2015). The balanced
scorecard is based on four metrics that help the manager to plan, implement, and
attain the business strategy:
· Financial metrics: These metrics are used to track the financial requirements
and performance of an organization.
· Internal business process: Internal business process metrics are used to
measure the critical customer process requirements.
· Customer metrics: These are used to measure the satisfaction and performance
of clients, as they apply both to the organization and to the products or
services that are provided to the customer.
· Knowledge and growth: These metrics are used to measure how an organization
educates employees and provides them with the technology, training, and
knowledge that is important for them to grow and develop.
These metrics are critical for every organization to have in its balanced
scorecard, because the business situation will become unbalanced if they are not
implemented (Bostan & Grosu, 2011).
Everyone in the IT industry knows that it is changing drastically. A company
must operate in the 21st century, and there is no longer a company that does not
implement information technology. Companies have come to understand that IT is
used to deliver services as a business function, and functions such as marketing
and finance also need intelligence software to be set up and supported for the
further development and implementation of these metrics. It is a difficult task,
as it means measuring against pre-existing measurements, but a variant of the
balanced scorecard helps to manage strategically and predict the future.
Information technology also has its own typical characteristics: it relies on
unique metrics to track performance, and it also has reactive work such as
responding to helpdesk issues. A strong IT department may not translate into
positive performance in other parts of the organization, but it is necessary to
implement a balanced scorecard for the measurement of performance.
After 1995, these four metrics were converted into corporate contribution,
customer orientation, operational excellence, and future orientation (Nørreklit
& Mitchell, 2014). The objective of the metrics was revised for the IT balanced
scorecard in order to align the IT department with the rest of the organization,
based on metrics that the organization is able to track. This balanced scorecard
was considered easy to work with, as it helped to improve efficiency and customer
satisfaction and also provided value to the organization. Organizations have to
decide how to implement a balanced scorecard in the way that is most beneficial
for their bottom line, and some consider that the organization should take steps
to put all the departments on the same scorecard (Wu & Hung, 2007).
The balanced scorecard in IT is focused on the alignment of language, so that
departments can understand measurements that are arranged in different ways. The
IT department can consider the existing measurements of different areas and
implement these metrics to measure turnover and the performance of account
offices. Organizations are required to create a specific IT balanced scorecard
that is based on the traditional balanced scorecard system and then redesigned
according to the requirements of the IT department. IT experts recommend that an
IT balanced scorecard be used with some changes, so that key performance
indicators can be measured and different key performance indicators can be
implemented in the business units, and so that the performance of every
stakeholder, such as customers, management, and employees, can be determined
(Agarwal, 2020). Implementing these metrics supports operational excellence and
has a positive impact on the efficiency and software development of the
organization. Companies are implementing an IT-based balanced scorecard approach
to develop the company and to determine success, which depends heavily on
strategic planning. It is crucial that the metrics are embraced by leadership and
top management, so that measurement is done properly and the scorecard is used
properly and accurately. The balanced scorecard also encourages an organization
to get rid of the different kinds of lines that would have a negative impact on
company strategies that could not be changed.
The balanced scorecard, and especially the IT balanced scorecard, has become a
significant component of every company's success, and it is considered that
after two to three decades it will be regarded as a basic principle for
companies. It still faces different kinds of criticism from scholars, as it did
when the balanced scorecard was developed. Many business strategies face major
issues (Tan, Zhang, & Khodaverdi, 2017). The scorecard is not based on formal
validation or a formal framework, and previous research shows that it seems to
focus too heavily on financial stakeholders and not on the other stakeholders of
the organization. Balance Scorecard also developed to fit of radio situation,
such as specific ideas. The scorecard is also used in nonprofit organizations and
government organizations, which may measure the success of employees much but
show less. The framework also requires different kinds of redesign and
customization that are rarely provided on the bottom line, and the clear
recommendation is that a framework of metrics like the balanced scorecard
requires proper leadership and focus to work.
It is concluded that enterprises can use a balanced scorecard for every
department, and that it works in the IT department. Its use is not based only on
size; it can be used for the development of the organization. IT experts always
motivate and encourage the IT department to implement a balanced scorecard so
that it can be used to build the value of the organization. A company has to
adopt different management techniques to measure performance, and the balanced
scorecard is one of them. It helps in looking for new ways of measuring
performance, which means it can empower new projects with innovative ideas. It
can also help to encourage the goals of the organization and to reinvest in labor
with added value, as it shows the critical parts of the development and
performance of the organization. As the balanced scorecard is implemented, it
becomes more traditional, and it requires agreement across different areas so
that leadership and top management techniques can be put in place that help the
organization accept the culture change and make it easy to implement the
balanced scorecard to measure the performance of the organization
(Dumitrescu & Fuciu, 2009).
Question no. 2
Explain the Confidentiality, Integrity, and Availability (CIA) triad and the
best practices needed to implement these pillars of Information Security.
Information security is the practice of protecting information from different
kinds of risk, and it is considered a basic part of information risk management,
which involves preventing unauthorized access to data. It includes different
actions that are used to reduce and overcome adverse impacts on data, which may
be electronic, physical, tangible, or in other forms. The basic balance in the
protection of information rests on confidentiality, integrity, and availability,
also known as the CIA triad. These elements are used to maintain focus on
efficient policy implementation in the organization, and this also hampers the
productivity of the organization. They support different functions, such as the
identification of information, the evaluation of risk, deciding the threat of the
risk, and monitoring activities so that adjustments can be made where necessary
to address issues. The CIA triad is based on confidentiality, integrity, and
availability, together with security controls and vulnerabilities, which can be
explained as key concepts. It is considered a comprehensive concept to implement
in the organization to check the privacy of data (Qadir & Quadri, 2016).
Confidentiality concerns data objects and resources and the protection of data
from unauthorized access and viewing. Integrity means that data is protected from
unauthorized changes to make sure that it is reliable and correct. Availability
means that authorized users have access to use the data. Proper certification
requires an understanding of the importance of the CIA triad, whose definition
rests on three elements that are explained in the following:
Confidentiality
Confidentiality refers to the protection of information from unauthorized access
and misuse of the data. Most information systems hold data with some degree of
sensitivity. It may be proprietary business information that competitors could
use to their advantage, or information regarding the organization, its employees,
and its customers. Confidential information also has different kinds of value to
a system that frequently uses the data. Threats exploit vulnerabilities, and they
include direct attacks aimed at stealing passwords and knowledge of a network.
Breaches of confidentiality can be intentional, and there are also a few common
types of accidental breach, such as emailing sensitive information to the wrong
recipient. Another common type of breach is leaving confidential information
displayed on a monitor where an unauthorized person can see it. The healthcare
industry is a basic example of an obligation to protect client information with a
very high degree of confidentiality. Patients expect and demand proper privacy
from their health care provider, which must follow strict regulations governing
their data, and the Health Insurance Portability and Accountability Act also
addresses the security measures that provide complete privacy in handling the
information of the insurer and company (Cherdantseva & Hilton, 2013). It makes
sure that physical and technical safeguards are required and that the
organization carries out analysis so that it is well aware of the risk.
Procedures and different software are used to control access to resources, and
encryption is used to protect the information so that it can be accessed only by
an authorized person, which maintains complete confidentiality of the customer's
data.
Integrity
Integrity measures protect information from unauthorized changes and alteration
of the data. These measures provide proper assurance of the accuracy and
completeness of data and make sure that the information needs no further
protection from other sources, as it is completely safe and secure. Monitoring of
integrity includes access control on systems, which makes sure that authorized
users can alter the information and that an unauthorized person cannot change or
amend any information of the customer. Confidentiality is based on the protection
of data, and integrity expands the concept so that no one can change the data
without authorization. System owners care about the integrity of their data, and
they have a particular interest in making sure that transactions across the
system take place with proper security. The most notorious field is financial
data integrity, as there are various reports of unauthorized persons making
fraudulent transactions and entering fake transactions that are not easy to
catch. Hackers also use different schemes to obtain the necessary information and
change the data, which is harmful, and malware can delete the customer's data and
replace genuine information. Many customized measures can be put in place to
protect integrity, and integrity is also considered to be based on
authentication, which helps to prevent unauthorized users from gaining access to
change the data (Boudguiga et al., 2017).
Availability
To gain from an information system, it must be available to authorized users,
and availability measures protect timely access to the system. Some fundamental
threats to availability are non-malicious in nature, such as hardware failure,
downtime, and network issues. Malicious attacks can also affect the performance
of the information system. The availability and responsiveness of any software
must be a priority for any business, as a loss of availability for even a short
time can hurt revenue generation, cause customer dissatisfaction, and damage
reputation (Jelacic, Lendak, Stoja, Stanojevic, & Rosic, 2020). Hackers can
attack and disrupt a website, detect the protection that is in place against
different attacks, and continue to gain sophistication in their attacks while
remaining in touch with the data. Availability countermeasures protect against
attacks from different hackers, and systems have a high requirement for
continuous improvement, of which backup services must be a significant part. In
large organizations it is common to implement redundant systems in separate
physical locations, and tools that monitor system performance and network traffic
must be in place and can be used to protect against attacks on data.
Best practices in implementation
Implementation of the CIA triad in an organization must follow several best
practices that are divided into two different subjects (Babu, Pavani, & Naidu,
2019). The three categories include different implementation strategies, such as:
Confidentiality
· Data must be handled in accordance with the required privacy policy.
· Data must be in encrypted form, and two-factor authentication must be used to
reach and access the data.
· Keep access control lists and file permissions up to date.
Integrity
· Make sure that employees are knowledgeable about compliance and regulatory
requirements.
· Use a backup and recovery system.
· Ensure integrity through the use of version control, access control, data logs,
and checks on the data.
Availability
· Utilize preventive measures such as redundancy and other systems that make
sure the applications stay updated.
· Use a network service that can monitor the system.
· If data is lost, make sure that a data recovery and business continuity plan is
in place so that the data can be recovered.
All these practices help to implement the CIA triad, which is considered a
concept used to recognize computing and accounting records for correct purposes
and to make it easy to find the initial data. The concept of availability also
provides more accuracy about the data.
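The following Python example is added here and is not part of the original essay. It applies two of the practices listed above, reviewing file permissions and checking data against a recorded baseline, to a directory of constructed sample files. The file names, the `build_baseline` and `audit` helpers, and the POSIX permission model are assumptions of the example.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def audit(root: Path, baseline: dict) -> dict:
    """Integrity: compare against the baseline. Confidentiality: flag files
    that users outside the owner and group can read or write."""
    current = build_baseline(root)
    other_bits = stat.S_IROTH | stat.S_IWOTH
    return {
        "modified": sorted(k for k in baseline
                           if k in current and current[k] != baseline[k]),
        "missing": sorted(k for k in baseline if k not in current),
        "unexpected": sorted(k for k in current if k not in baseline),
        "loose_permissions": sorted(
            k for k in current if (root / k).stat().st_mode & other_bits),
    }


def demo() -> dict:
    """Constructed sample: record a baseline, simulate drift, then audit."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in [("patients.csv", "id,name\n1,A\n"),
                           ("ledger.csv", "tx,amount\n1,100\n"),
                           ("notes.txt", "draft\n")]:
            (root / name).write_text(body)
            os.chmod(root / name, 0o600)          # owner-only access
        baseline = build_baseline(root)
        (root / "ledger.csv").write_text("tx,amount\n1,900\n")  # altered record
        (root / "notes.txt").unlink()                            # lost file
        (root / "export.csv").write_text("id,name\n1,A\n")       # untracked copy
        os.chmod(root / "export.csv", 0o600)
        os.chmod(root / "patients.csv", 0o644)    # now readable by everyone
        return audit(root, baseline)


if __name__ == "__main__":
    for finding, files in demo().items():
        print(f"{finding}: {files}")
```

A missing file is also an availability finding: it is the case the backup and recovery practice is meant to cover.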
References
Agarwal, A. (2020). Investigating design targets for effective performance
management system: an application of balanced scorecard using QFD. Journal of
Advances in Management Research.
Babu, P. D., Pavani, C., & Naidu, C. E. (2019). Cyber Security with IOT. In 2019
Fifth International Conference on Science Technology Engineering and
Mathematics (ICONSTEM), vol. 1, pp. 109-113. IEEE.
Bostan, I., & Grosu, V. (2011). Contribution of balanced scorecard model in
efficiency of managerial control. Romanian Journal of Economic Forecasting,
14 (3), 178-199.
Boudguiga, A., Bouzerna, N., Granboulan, L., Olivereau, A., Quesnel, F., Roger,
A., et al. (2017). Towards better availability and accountability for iot
updates using a blockchain. In 2017 IEEE European Symposium on Security and
Privacy Workshops (EuroS&PW), pp. 50-58. IEEE.
Cherdantseva, Y., & Hilton, J. (2013). A reference model of information
assurance & security. In 2013 International Conference on Availability,
Reliability, and Security, pp. 546-555. IEEE.
Dumitrescu, L., & Fuciu, M. (2009). BALANCE SCORECARD--A NEW TOOL FOR STRATEGIC
MANAGEMENT. Buletin Stiintific, 14 (2).
Fooladvand, M., Yarmohammadian, M. H., & Shahtalebi, S. (2015). The application
strategic planning and balance scorecard modeling in enhance of higher
education. Procedia-Social and Behavioral Sciences, 186, 950-954.
Jelacic, B., Lendak, I., Stoja, S., Stanojevic, M., & Rosic, D. (2020). Security
Risk Assessment-based Cloud Migration Methodology for Smart Grid OT Services.
Acta Polytechnica Hungarica, 17 (5), 113-134.
Nørreklit, H., & Mitchell, F. (2014). Contemporary issues on the balanced
scorecard. Journal of Accounting & Organizational Change.
Qadir, S., & Quadri, S. M. (2016). Information availability: An insight into the
most important attribute of information security. Journal of Information
Security, 7 (3), 185-194.
Tan, Y., Zhang, Y., & Khodaverdi, R. (2017). Service performance evaluation
using data envelopment analysis and balanced scorecard approach: An application
to the automotive industry. Annals of Operations Research, 248 (1-2), 449-470.
Wu, S.-I., & Hung, J.-M. (2007). The performance measurement of cause-related
marketing by balance scorecard. Total Quality Management & Business Excellence,
18 (7), 771-791.