Goals archives - IT Governance, Risk, and Compliance


Aug 31 2009   8:57PM GMT

Synchronizing Balanced Scorecards - Part IV



Posted by: Robert E. Davis
Baseline, Goals, Monitoring, Continuous Improvement, Delivery Value, IT Governance, Key Indicators, Management System, Service Measurement, Strategic Performance, Strategic Planning, ITG

Balanced Scorecards are considered an effective means to assist the entity’s oversight committee and operational management in achieving information security, IT and business alignment. The aim of instituting performance measurements is to permit activities transparency that enables circumspective managerial decisions. A comprehensive set of entity-centric measures or indicators tied to performance requirements can represent a visible strategic foundation for alignment of all associated activities with entity-centric goals.

View Part I of the Synchronizing Balanced Scorecards series here

Aug 27 2009   8:16PM GMT

Synchronizing Balanced Scorecards - Part III



Posted by: Robert E. Davis
Baseline, Goals, Monitoring, Continuous Improvement, Delivery Value, IT Governance, Key Indicators, Management System, Service Measurement, Strategic Performance, Strategic Planning, ITG

Balanced Scorecard is a strategic planning and management system that can be utilized in for-profit and not-for-profit entities for business activities alignment to the organizational mission, communication improvement as well as monitoring performance against strategic goals. Balanced Scorecard is considered a ‘value-added’ performance measurement framework — through strategic non-financial performance measures — that supplies expanded organizational performance visualization. Methodologically, Balanced Scorecard builds on a few previously established management concepts including customer-defined quality, continuous improvement, employee empowerment, and ‘measurement-based’ management as well as feedback.

Balanced scorecard deployment integrates feedback from internal business process outputs while obtaining feedback from business strategy outcomes. Consequently, this creates a “double-loop feedback” system within the balanced scorecard implementation. The standardized Balanced Scorecard perspectives are: Learning and Growth, Business Process, Customer, and Financial. This general balanced scorecard theory can transmute to measure information security objectives achievement utilizing Business Contribution, Future Orientation, Operational Excellence, and Customer Orientation categories for continuously improving strategic performance and results.

View Part I of the Synchronizing Balanced Scorecards series here


Aug 24 2009   7:13PM GMT

Synchronizing Balanced Scorecards - Part II



Posted by: Robert E. Davis
Baseline, Goals, Monitoring, Continuous Improvement, Delivery Value, IT Governance, Key Indicators, Service Measurement, Strategic Performance, Strategic Planning, ITG

Typically, measures or indicators should be selected from factors that lead to improved employee, customer, operational, and/or financial performance. Performance measures or indicators are assessable products’ or services’ characteristics utilized to track and improve organizational results. Most modern entities depend upon performance measurement and analysis to ensure directional attentiveness. Measurements should be derived from the entity’s strategy and provide critical data and information about key processes, systems and programs. Correspondingly, one major consideration in performance improvement involves the creation and usage of performance measures or indicators. Through analysis of data generated by deployed tracking processes, adopted measures or indicators may be adaptively evaluated and changed to improve managerial goals support.

View Part I of the Synchronizing Balanced Scorecards series here


Aug 20 2009   7:58PM GMT

Synchronizing Balanced Scorecards - Part I



Posted by: Robert E. Davis
Baseline, Goals, Monitoring, Continuous Improvement, Delivery Value, IT Governance, Key Indicators, Service Measurement, Strategic Performance, Strategic Planning, ITG

With the introduction of ‘Balanced Scorecard’ theory, management has the option to view the entity from four perspectives and develop metrics, collect data as well as perform analyses relative to standardized abstraction levels. Organizational balanced score-carding provides a visible prescription regarding what an entity should measure to symmetrize the generally supported financial approach that has overshadowed holistic management. By definition, the Balanced Scorecard is a management system that enables vision and associated strategy crystallization for focused execution. However, Balanced Scorecard also drives feedback from internal business processes and external outcomes in order to continuously improve strategic performance and results. When managerially integrated, the balanced scorecard transforms strategic planning from periodic documentation drills into addressable governance items.


May 12 2009   3:25PM GMT

Developing Objectives - Part IV



Posted by: Robert E. Davis
Accountability, Benchmarking, Goals, Responsibility, Behavioral Management, Planning Committee, Resource Allocation, Information Asset Protection, Information Security Governance, Information Security Management, Management by Objectives, IAP, ISG, ISM, MBO

MBO is a participative behavioral approach to managing employees. One of the primary MBO assumptions is that employees prefer to work hard once they are provided with employer expectations. Intuitively, sustaining accepted expectations necessitates that employees believe stated intentions are achievable. Therefore, MBO imposes consideration and incorporation of employee views concerning objectives to enable effective and efficient information assets protection processes.

View Part I of the Developing Objectives series here


May 7 2009   11:14PM GMT

Developing Objectives - Part III



Posted by: Robert E. Davis
Accountability, Benchmarking, Goals, Responsibility, Behavioral Management, Planning Committee, Resource Allocation, Information Asset Protection, Information Security Governance, Information Security Management, Management by Objectives, IAP, ISG, ISM, MBO

A system for disseminating information security management objectives is considered fundamental to obtain employee commitment. One way to communicate entity-centric information security objectives is clear and concise policies. Information security management’s role in policy formulation includes considering the control environment, risk assessments, information, communication, and activities. Though policies are an important means to convey expected behavior, even more critical is determining the effectiveness of adopted IT safeguarding objectives. Effectiveness evaluation requires measurement against established information security standards. Consequently, ratiocinative information security standards must be designed and implemented.

View Part I of the Developing Objectives series here


May 4 2009   6:32PM GMT

Developing Objectives - Part II



Posted by: Robert E. Davis
Accountability, Benchmarking, Goals, Responsibility, Behavioral Management, Planning Committee, Resource Allocation, Information Asset Protection, Information Security Governance, Information Security Management, Management by Objectives, IAP, ISG, ISM, MBO

Within behavioral management theory, entity leaders have alternative approaches available to accomplish information assets safeguarding objectives development — including participative, consultative, free rein, and autocratic models. Participative behavioral management emphasizes consideration and incorporation of employee views in decisions, while maintaining managerial decision authority. Consultative behavioral management stresses consideration of employee views, without incorporation, while maintaining managerial decision authority. Free rein management allows employees to make their own decisions concerning subject matters. Lastly, autocratic management underscores dictating decisions to employees. Based on empirical evidence, most entities currently prefer deploying a participative approach to managing entity-centric objectives development.

Setting objectives and establishing processes to accomplish designed objectives is a managerial responsibility. Tactically, the manager responsible for a plan’s implementation should set objectives with advice obtained from the entity’s planning committee, top-level executives and line subordinates. To this end, the Management by Objectives (MBO) methodology normally drives employee consensus building. However, an entity’s planning committee and top-level executives may be too removed from daily information security operations to yield reasonable objectives. Furthermore, line subordinates may have limited knowledge concerning organizational intricacies to permit adopting recommended information security objectives. Therefore, a security manager may have to rely on evaluating generally accepted information security frameworks to develop entity-centric objectives.

View Part I of the Developing Objectives series here


Apr 30 2009   7:20PM GMT

Developing Objectives - Part I



Posted by: Robert E. Davis
Accountability, Benchmarking, Goals, Responsibility, Behavioral Management, Planning Committee, Resource Allocation, Management by Objectives, MBO

There exist various theories regarding managing employees. Behavioral management theorists believe leadership traits are not genetic. Thus, leaders assume distinct behaviors that can be studied and applied according to individual perceptions of assigned responsibility. When an individual is consigned leadership, managerial responsibility for the assignment’s duration is implied, if not explicitly stated.