What You Should Know About Information Leakage BSC

Jun 13
07:25

2008

Sam Miller


Even with an IT security team in place, your data is still not safe. Businesses therefore need to know more about the information leakage BSC.

The world's most powerful search engines, like Google, are not only good at giving precise and informative search results; they are also good mediums for hackers in penetrating your information systems. Now, this may come to you as an alarming statement, but taken seriously, many organizations have already fallen into the pit of security negligence and mishaps. How is this possible? Because search engines like Google can trace whatever visible links you have in your network, especially if these are displayed on or linked to your websites. With this, sensitive data like credit card numbers, physical addresses, and email addresses are vulnerable to identity hacking. And what does the information leakage BSC have to do with this?

The answer is simple. The BSC, or balanced scorecard, for information leakage is the managers' answer to identity theft and other Internet crimes. It is not a new technology; however, the concept remains the same. The objective is to prove whether you made the right choices for your information security systems. A scorecard is more like a preventive tool. It scans all the activities of your security team and evaluates their performance, which is benchmarked against the company's strategies to fight information theft. To further understand the function of the BSC for information protection, here are some examples.

Suppose the activities of the information security team are the following: protecting content on portable computers, PDAs, or laptops during network disconnection; controlling activities such as the moving, copying, printing, and downloading of data by unauthorized employees; controlling the use of portable storage drives, like removable USB drives, iPods, and other media players; controlling the loss of data on servers, laptops, and desktop computers; and identifying where classified documents reside.

All of these activities sound really efficient; however, they remain subject to question until the results come from the balanced scorecard. Those activities will be measured according to how the actions were carried out or the number of misses. The ways are diverse, which will be discussed later. But the thing is, without the balanced scorecard, it will be impossible for the security managers to see whether their actions were successful or not.

The ways of measuring the activities are often called metrics. And there are different metrics, as there are different areas of concern in information security. Generally, there are four: data leakage, IT security, privacy and security, and identity theft risks. Each of these areas has its own set of metrics.

Under IT security, some of the possible metrics are: security plan, security controls, personnel security, contingency planning, data integrity, and security planning.

Under the data leakage aspect, there are four common metrics that managers can use. These metrics are risk management, audit trails, physical and environmental checks, and risk assessment.

For identity theft risks, the metrics for the balanced scorecard are: system compliance, incident forensics, computer protection, identity information structure, staff effectiveness, and financial perspective.

And finally, under privacy and security, the following metrics can be applied: employee perspective, financial perspective, incident history, security compliance, and security policy effectiveness.

For the security team, these terms may sound very familiar. However, managers and the security personnel should work hand in hand in coming up with practical metrics for the information leakage BSC. As a final note, whatever metrics your team formulates, make sure that these are goal-sensitive, time-bound, repeatable, achievable, comparable, specific, and most of all, measurable.