Explain the various
metrics that should be included in an IT Balanced Scorecard which specifically
measures and evaluates IT-related activities.
A balance Scorecard is a management technique that is
used to clarify the strategy and vision of an organization and it is based on
the strategy to do something tangible and that could be measured. The
development behind the Balanced Scorecard is based on the prioritization of
measurement that is considered the most crucial part of an organization. The
system is prioritized with making the balanced scorecard approach as a true
management system that is beyond the measurement system. The history of
Balanced Scorecard is based on the Harvard Business School that was based on
companies managed and business’s financial measurement. Two professors of
Harvard Business School, Kaplan and David Norton recognized as significant
shortcomings that are related to finance as imperative to business health. The
Balanced Scorecard as a solution to the problem and its basic objective is to
translate the corporate strategy to hit the mission and objectives that could
be measured (Fooladvand, Yarmohammadian, & Shahtalebi., 2015). The balanced
scorecard is based on four metrics that would be helpful for the manager to
plan, implement, and attain the business strategy:
Financial metrics: These projects are used to track the financial requirements and
performance of an organization.
Internal business process: Internal business processes are used to measure the critical
customer process requirement.
Customer metrics: It is used to measure the satisfaction and performance of the clients
as it implements to both organization as well as to the product or services that
are provided to the customer.
Knowledge and growth: These metrics are used to measure how an organization educates
employees and providing them technology, training, and knowledge that is
important that is. Important for them to grow and develop.
These metrics are sensitive for every organization to
have in the balanced scorecard as it is based on the metrics that will lead to unbalance
the business situation if these are not implemented (Bostan & Grosu., 2011).
Every individual in the IT industry knows that it is
changing drastically and the company must run in the 21st century
and there is no longer a company that is not implementing information
technology implements. Companies are used to understand that ID is used to
deliver services as business function and organization like marketing and
finance is also required to start and support the intelligence software for further
development and implementation of these metrics. It is a difficult task as it
could measure the pre-existing measurement but with the help of a variety
balanced scorecard, it is helpful to manage strategically and predict the
future. Information technology, also based to own proper typical, relies on
unique metrics to track the performance and also has reactive work with
responding to the helpdesk issues. A strong IT department could not translate
positive performance in different parts of the organization, but it is necessary
to implement a balanced scorecard for the measurement of performance.
After 1995, these four metrics were converted into
corporate contribution, customer orientation, operational excellence, and
future orientation (Nørreklit & Mitchell., 2014). The objective of
metrics was revised for item balance, scorecard to align the IT department and
the rest of the organization also based on the metrics that could be tracked
with the help of organizations with metrics. It was considered easy to work
with this balance scorecard as it was helpful for improvement in efficiency and
customer satisfaction and also provide value to the organization. Organizations
have to decide to implement a balanced scorecard in the most beneficial way for
their bottom line and some consider data organization takes steps and put all
the departments on the same scorecard (Wu & Hung, 2007).
Balance scorecard in IT is focused on the alignment of
languages so that they could understand the measurement of arrangements in
different ways. IT Department could to think about existing measurements of
different areas and implement these metrics to measure the turnover and account
offices performance measurement. Organizations are required to create a
specific IT balanced scorecard that is based on the traditional balance core
caste system added, then redesigns according to the requirement of the IT
department. IT experts recommended that an IT balanced scorecard would be used
with some changes so that they could measure the key performance indicators and
implement different key performance indicators in the business units so that the
performance of every stakeholder such as customer management and employees
could be determined (Agarwal, 2020). It provides operational excellence
that has an implementation of these metrics and providing a positive impact on
the efficiency and software development of the organization. Companies are
implementing an IT-based balanced scorecard approach to develop the company and
determining the success that is highly based on strategic planning. It is a
crucial part as the metrics must be embraced by leadership and top management
to get the proper measurement and it is used properly and accurately. It
includes the balanced scorecard that encourages an organization to get rid of
different kinds of lines that would implement a negative impact on the
strategies of the company that could not be changed.
The balanced scorecard, especially in item balance
scorecard becomes a significant component of every company success and it is
considered that after two to three decades it would be considered a basic
principle for companies but still it helps the different kinds of criticism by
the scholars, as when the balanced scorecard was developed with their work.
Many business strategies face major issues (Tan, Zhang, & Khodaverdi., 2017). It is not based on
formal validation and framework as previous research shows that it seems to be
focused on over handling of with financial stakeholder, but not another
stakeholder of the organization. Balance Scorecard also developed to fit of
radio situation, such as specific ideas. Code card is also working in a
nonprofit organization and the government organizations that may measure the
success of employees much but shows less. The framework also required the
different kinds of redesigning and customization that are rarely provided on
the bottom line and it is highly based on clear recommendations that a
framework of metrics like balance, the scorecard must require proper leadership
and focus to work.
It is concluded that enterprises could be used as a
balanced scorecard for every Department, and they are working in the IT
department. It is not only based on the size, but it could be used for the
development of the organization. IT experts always motivate and encourage the
IT department to implement a balanced scorecard so that they could use it to
build the value of the organization and the company has to adopt different
management techniques to measure the performance, but it balanced scorecards.
It is helpful to look for a new way of measurement of the performance that
means it could provide empowerment to the new projects with innovative ideas.
It could also helpful for encouraging the goals of the organization and also
reinvest in labor with the added values as it shows the critical part of the
development and performance of the organization. With the implementation of the
balanced scorecard, it becomes more traditional and it required agreed on
different areas so that they could implement leadership and stop management
techniques that would be helpful to accept the culture change and easy to
implement the balanced scorecard to measure the performance of the organization
(Dumitrescu & Fuciu, 2009).
Question no. 2
Confidentiality, Integrity, and Availability (CIA) triad and the best practices
needed to implement these pillars of Information Security.
Information Security System is the practice of protecting
the information from different kinds of risk, and it is considered a basic part
of information risk management that involves preventing unauthorized access
from the data. It includes different actions and acts that are used to reduce
and overcome the adverse impact on data, and it could be in the form of
electronic, physical, tangible, and other elements. The basic balance to the
protection of information security is based on confidentiality, integrity, and
availability as also known as the CIA triad. These elements are used to
maintain focus on the efficient policy implementation in the organization, and
it also hampers the productivity of the organization. They perform different
functions such as the identification of information, evaluation of risk,
deciding the threat of risk, and monitoring the activities that could make
adjustment water in sensory issues. CIA triad is based on Confidentiality,
integrity, and availability, and security control and vulnerability that could
be explained as a key concept. It is considered a comprehension concept to
implement in the organization to check the privacy of data (Qadir & Quadri., 2016). Confidentiality is
based on data objects, resources, and protection of data from unauthorized
access and view. Integrity is referred to as data is protected from
unauthorized changes to make sure that it is reliable and correct. Availability
means that authorized users have access to use the data and they are prepared
to provide proper certification that is required to understand the importance
of a CIA trade and definition would base on three elements that would be
explained in the following:
Confidentiality refers to the protection of information
from unauthorized access and misuse of the data. An information system is most
likely to use that some degree of sensitivity exists in the data and it must be
based on the proprietary business information that could compete and use their
advantages in regarding the organizations, employees, and customers of the
organization. Confidential information also has different kinds of value of a
system that could frequently use the data. The vulnerabilities to explore the
threat and it includes direct attacks that could be made for stealing of
password and professional idea of a network. It could attack in different kinds
of breaches of contract on an international level, and also have few types of
common accidental breaches that include email sensitive information sent to the
wrong recipient. There are also some common types of breaching the contract and
also based on leaving the confidential information to be displayed on the
monitor of an unauthorized person. The Healthcare industry is a basic example
of obligations to protect the data for the client in information in a very high
and confidential way. Patients expect and demand to provide proper privacy to
the health care provider and follow strict regulations to governing their data
and health insurance portability and Accountability Act also addressed the
security measures that provide complete privacy tool handle the information of
the insurer and company (Cherdantseva & Hilton., 2013). It makes sure that
physical and technical safeguards must be required for the organization to
analyze to be well aware of the risk. Procedures and different software are
used to control the resources and methods are completed by use of encryption to
protect the information that could be assessed by only an authorized person and
it maintains complete confidentiality of the customer’s data.
Integrity is used to protect the information from
unauthorized changes. An alteration in the data and these measures are used to
provide proper insurance and accuracy of complete data and make sure that there
is no need to protect the information from other resources as it is completely
safe and secure. Monitoring of integrity only includes control access of
systems and it makes sure that users can alter the information and unauthorized
person could not change or amend any information of the customer.
Confidentiality protection is based on the protection of data and integrity
expands the concept as no one could change the data. System of owners has
integrity about their data and they have also the particular point of view to
make sure that transaction across the system takes place with the proper
security and there are most notorious field is financial data integrity as
there are different speeches by people that some unauthorized person makes
fraudulent transactions and enter a fake transaction that is not easy to catch.
Hackers also use different schemes to obtaining the necessary information and
change the data that is not a good thing, and it is also based on malware software
that could delete the data of the customer and also replace the data with
genuine information. Much customization information could take place to protect
the integrity, and it is also considered to be based on authentication that
could be helpful to prevent unauthorized user access to change the data (Boudguiga, et al., 2017).
To gain an information system, it must be available to
authorized users and measures the protector in time and assess the system.
There are some fundamental threats to availability as it is nonmalicious and in
nature of hardware failure also downtime the network and increase issues. The
malicious attack could also impact the performance of the Information system.
Availability and responsiveness of any software must be a priority of any
business, as availability is a short time that could lead towards revenue
generation, customer dissatisfaction, and damage the reputation (Jelacic, Lendak, Stoja, Stanojevic, & Rosic,
The hackers could disrupt the website and could attack develop the website and
detect the protection against different attacks and could continue to gain
sophistication about attacks and remain in touch with the data. Availability is
a countermeasure to protect the attack from different hackers and system have a
high requirement of continuous improvement that must be a significant part of
our backup service. Large organizations implemented a system that is common to
redundant and system in separate physical locations that use tools that must be
replaced with the monitor system of performance and network traffic could be
used to protect against the attack of data.
Best practice in implementation.
Implementation of CIA trade-in organization must follow
several best practices that are divided into two different subjects (Babu, Pavani, & Naidu., 2019). The three
categories are subject to include different implementation strategies such as:
Data must be in encrypted form and it was based on making two-factor authentications
to reach and assess the data.
Keep a sense of control list and file permission to update the data.
Make sure that employees are acknowledged about compliances and
Use a backup and recovery system.
Make sure that integrity is the use of a controlled version and it could
assess the control data logs and check the data.
Utilize preventive measures such as redundancy and other systems that
could make sure the applications stay updated.
Use a network service that could monitor the system.
If data is lost make sure that data recovery and business continuity
plan are arranged and it could recover the data.
All these practices would be helpful to implement CIA
tried and it would be considered a concept that is used to recognize the
computing and accounting records for correct purposes and make easy resources
to find the initial data and concept of availability also provide more accuracy
about the data.
Agarwal, A. (2020).
"Investigating design targets for effective performance management system:
an application of balanced scorecard using QFD. Journal of Advances in
Babu, P. D., Pavani, C.,
& Naidu., C. E. (2019). "Cyber Security with IOT.". In 2019
Fifth International Conference on Science Technology Engineering and
Mathematics (ICONSTEM), vol. 1, pp. 109-113. IEEE .
Boston, I., & Grosu., V.
(2011). "Contribution of balanced scorecard model inefficiency of
managerial control.". Romanian Journal of Economic Forecasting, 14
Boudguiga, A., Bouzerna, N.,
Granboulan, L., Olivereau, A., Quesnel, F., Roger, A., et al. (2017). Towards
better availability and accountability for iot updates using a blockchain. In
2017 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW),
pp. 50-58. IEEE.
Cherdantseva, Y., &
Hilton., J. (2013). "A reference model of information assurance &
security.". In 2013 International Conference on Availability,
Reliability, and Security, pp. 546-555. IEEE.
Dumitrescu, L., & Fuciu,
M. (2009). "BALANCE SCORECARD--A NEW TOOL FOR STRATEGIC MANAGEMENT. Buletin
Stiintific , 14 (2).
Yarmohammadian, M. H., & Shahtalebi., S. (2015). "The application
strategic planning and balance scorecard modeling in enhance of higher
education.". Procedia-Social and Behavioral Sciences , 186,
Jelacic, B., Lendak, I.,
Stoja, S., Stanojevic, M., & Rosic, D. (2020). Security Risk Assessment-based
Cloud Migration Methodology for Smart Grid OT Services.". Acta
Polytechnica Hungarica, 17 (5), 113-134.
Nørreklit, H., &
Mitchell., F. (2014). Contemporary issues on the balanced scorecard. Journal
of Accounting & Organizational Change.
Qadir, S., & Quadri., S.
M. (2016). "Information availability: An insight into the most important
attribute of information security. Journal of Information Security ,
7 (3), 185-194.
Tan, Y., Zhang, Y., &
Khodaverdi., R. (2017). Service performance evaluation using data envelopment
analysis and balanced scorecard approach: An application to the automotive
industry.". Annals of Operations Research, 248 (1-2), 449-470.
Wu, S.-I., & Hung, J.-M.
(2007). The performance measurement of cause-related marketing by balance
scorecard.". Total Quality Management & Business Excellence, 18