This is a IT Security Balanced Scorecard Report, it is one of reports that Balanced Scorecard Designer can generate for IT Security scorecard. With this software you can also design your own KPIs, Balanced Scorecards and metrics.

IT Security Scorecard

Report includes: 1 month(s) 49 day(s), from 05.04.2008 to 24.05.2008

Name

Start value

End value

Dynamic

Contains

IT Security Scorecard

40,11 %

42,26 %

+ 2,15 %

Risk Management	(67,2%, 13,82%)
Contingency Planning	(42,3%, 8,68%)
System Life Cycle	(56,1%, -6,86%)
Personnel Security	(20,4%, -1,33%)
Data Integrity	(19,7%, -13,94%)

Graph for IT Security Scorecard

Data for IT Security Scorecard

Dates	Value
05.04.2008	40,11
12.04.2008	54,65
19.04.2008	49,53
26.04.2008	28,58
03.05.2008	36,64
10.05.2008	56,37
17.05.2008	54,77
24.05.2008	42,26

Risk Management

Name

Start value

End value

Dynamic

Parent

Contains

Risk Management

53,36 %

67,18 %

+ 13,82%

IT Security Scorecard

Indicators

Security Plan

Security Controls

Graph for Risk Management

Data for Risk Management

Dates	Value	Weight
05.04.2008	53,36	3
12.04.2008	95,94	3
19.04.2008	18,42	3
26.04.2008	26,7	3
03.05.2008	36,6	3
10.05.2008	58,46	3
17.05.2008	41,3	3
24.05.2008	67,18	3

Security Plan

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Security Plan	10,4	40,9	+ 30,5	%	Maximize	Risk Management

Description Description: Security Plan metrics quantify the percentage of systems with approved system security plans and the percentage of current system security plans.

Measure: The percentage of systems with approved system security plans."

Graph for Security Plan

Data for Security Plan

Dates	Weight	Min	Max	Value
05.04.2008	4	0	100	10,4
12.04.2008	4	0	100	94,8
19.04.2008	4	0	100	5,7
26.04.2008	4	0	100	17,1
03.05.2008	4	0	100	41,7
10.05.2008	4	0	100	47
17.05.2008	4	0	100	27,5
24.05.2008	4	0	100	40,9

Security Controls

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Security Controls	82	84,7	+ 2,7	%	Maximize	Risk Management

Description Description: Security Controls metrics determine the efficiency of closing significant system weaknesses by evaluating the existence, the timeliness and effectiveness of a process for implementing corrective actions.

Measure: The time required for implementing corrective actions"

Graph for Security Controls

Data for Security Controls

Dates	Weight	Min	Max	Value
05.04.2008	6	0	100	82
12.04.2008	6	0	100	96,7
19.04.2008	6	0	100	26,9
26.04.2008	6	0	100	33,1
03.05.2008	6	0	100	33,2
10.05.2008	6	0	100	66,1
17.05.2008	6	0	100	50,5
24.05.2008	6	0	100	84,7

Contingency Planning

Name

Start value

End value

Dynamic

Parent

Contains

Contingency Planning

33,61 %

42,29 %

+ 8,68%

IT Security Scorecard

Indicators

Backup Frequency

Incident Response Capability

Graph for Contingency Planning

Data for Contingency Planning

Dates	Value	Weight
05.04.2008	33,61	2
12.04.2008	33,11	2
19.04.2008	26,85	2
26.04.2008	30,67	2
03.05.2008	38,37	2
10.05.2008	42,38	2
17.05.2008	77,89	2
24.05.2008	42,29	2

Backup Frequency

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Backup Frequency	10,3	32	+ 21,7	%	Maximize	Contingency Planning

Description Description: Backup Frequency depends on changes frequency and data value

Measure: Backup frequency time period"

Graph for Backup Frequency

Data for Backup Frequency

Dates	Weight	Min	Max	Value
05.04.2008	7	0	100	10,3
12.04.2008	7	0	100	5,3
19.04.2008	7	0	100	0
26.04.2008	7	0	100	33,1
03.05.2008	7	0	100	22,2
10.05.2008	7	0	100	39,8
17.05.2008	7	0	100	87,1
24.05.2008	7	0	100	32

Incident Response Capability

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Incident Response Capability	88	66,3	-21,7	%	Maximize	Contingency Planning

Description Description: Incident Response Capability metrics quantify the percentage of agency components with incident handling and response capability and the number of incidents reported to FedCIRC, NIPC, and local law enforcement

Measure: The number of components with incident handling and response capability"

Graph for Incident Response Capability

Data for Incident Response Capability

Dates	Weight	Min	Max	Value
05.04.2008	3	0	100	88
12.04.2008	3	0	100	98
19.04.2008	3	0	100	89,5
26.04.2008	3	0	100	25
03.05.2008	3	0	100	76,1
10.05.2008	3	0	100	48,4
17.05.2008	3	0	100	56,4
24.05.2008	3	0	100	66,3

System Life Cycle

Name

Start value

End value

Dynamic

Parent

Contains

System Life Cycle

63 %

56,14 %

-6,86%

IT Security Scorecard

Indicators

OMB requirement

Audit Trails

Graph for System Life Cycle

Data for System Life Cycle

Dates	Value	Weight
05.04.2008	63	1
12.04.2008	38,08	1
19.04.2008	49,22	1
26.04.2008	58,32	1
03.05.2008	60,14	1
10.05.2008	54,3	1
17.05.2008	28,76	1
24.05.2008	56,14	1

OMB requirement

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	OMB requirement	75,8	76,3	+ 0,5	%	Maximize	System Life Cycle

Description The percentage of systems that are in compliance with the OMB requirement for integrating security costs into the system life cycle

Measure: Systems with integrating security costs"

Graph for OMB requirement

Data for OMB requirement

Dates	Weight	Min	Max	Value
05.04.2008	6	0	100	75,8
12.04.2008	6	0	100	1,4
19.04.2008	6	0	100	36,3
26.04.2008	6	0	100	55,2
03.05.2008	6	0	100	37,7
10.05.2008	6	0	100	55,7
17.05.2008	6	0	100	27
24.05.2008	6	0	100	76,3

Audit Trails

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Audit Trails	43,8	25,9	-17,9	%	Maximize	System Life Cycle

Description Audit Trails metrics quantify the percentage of systems on which audit trails provide a trace of user actions

Measure: Systems on which audit trails provide a trace of user actions"

Graph for Audit Trails

Data for Audit Trails

Dates	Weight	Min	Max	Value
05.04.2008	4	0	100	43,8
12.04.2008	4	0	100	93,1
19.04.2008	4	0	100	68,6
26.04.2008	4	0	100	63
03.05.2008	4	0	100	93,8
10.05.2008	4	0	100	52,2
17.05.2008	4	0	100	31,4
24.05.2008	4	0	100	25,9

Personnel Security

Name

Start value

End value

Dynamic

Parent

Contains

Personnel Security

21,74 %

20,41 %

-1,33%

IT Security Scorecard

Indicators

Security Awareness

Authentication and Authorize Processing

Graph for Personnel Security

Data for Personnel Security

Dates	Value	Weight
05.04.2008	21,74	2
12.04.2008	36,75	2
19.04.2008	77,2	2
26.04.2008	16,85	2
03.05.2008	39,02	2
10.05.2008	44,88	2
17.05.2008	45,39	2
24.05.2008	20,41	2

Security Awareness

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Security Awareness	17,6	4,3	-13,3	%	Maximize	Personnel Security

Description Description: Security Awareness metrics concern with the percentage of employees with significant security responsibilities who have received specialized training.

Measure: Employees who have received specialized security training"

Graph for Security Awareness

Data for Security Awareness

Dates	Weight	Min	Max	Value
05.04.2008	7	0	100	17,6
12.04.2008	7	0	100	35,4
19.04.2008	7	0	100	68,8
26.04.2008	7	0	100	14,9
03.05.2008	7	0	100	50,3
10.05.2008	7	0	100	28,8
17.05.2008	7	0	100	36
24.05.2008	7	0	100	4,3

Authentication and Authorize Processing

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Authentication and Authorize Processing	31,4	58	+ 26,6	%	Maximize	Personnel Security

Description Description: Authentication and Authorize Processing measurements.

Measure: Non-public data that is accessible after authorization"

Graph for Authentication and Authorize Processing

Data for Authentication and Authorize Processing

Dates	Weight	Min	Max	Value
05.04.2008	3	0	100	31,4
12.04.2008	3	0	100	39,9
19.04.2008	3	0	100	96,8
26.04.2008	3	0	100	21,4
03.05.2008	3	0	100	12,7
10.05.2008	3	0	100	82,4
17.05.2008	3	0	100	67,3
24.05.2008	3	0	100	58

Data Integrity

Name

Start value

End value

Dynamic

Parent

Contains

Data Integrity

33,68 %

19,74 %

-13,94%

IT Security Scorecard

Indicators

Logical Access Controls

Anti-virus and spyware protection

Graph for Data Integrity

Data for Data Integrity

Dates	Value	Weight
05.04.2008	33,68	2
12.04.2008	40,44	2
19.04.2008	91,36	2
26.04.2008	26,16	2
03.05.2008	20,86	2
10.05.2008	79,76	2
17.05.2008	74,22	2
24.05.2008	19,74	2

Logical Access Controls

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Logical Access Controls	87,2	3,9	-83,3	%	Maximize	Data Integrity

Description Description: Logical Access Controls metrics concern with the number of users with access to security software that are not security administrators

Measure: The number of users with access to security software that are not security administrators"

Graph for Logical Access Controls

Data for Logical Access Controls

Dates	Weight	Min	Max	Value
05.04.2008	2	0	100	87,2
12.04.2008	2	0	100	63,4
19.04.2008	2	0	100	69,6
26.04.2008	2	0	100	34
03.05.2008	2	0	100	73,9
10.05.2008	2	0	100	52
17.05.2008	2	0	100	94,7
24.05.2008	2	0	100	3,9

Anti-virus and spyware protection

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Anti-virus and spyware protection	20,3	23,7	+ 3,4	%	Maximize	Data Integrity

Description Description: The number of systems protected with anti-virus, anti-spyware and firewall software

Graph for Anti-virus and spyware protection

Data for Anti-virus and spyware protection

Dates	Weight	Min	Max	Value
05.04.2008	8	0	100	20,3
12.04.2008	8	0	100	34,7
19.04.2008	8	0	100	96,8
26.04.2008	8	0	100	24,2
03.05.2008	8	0	100	7,6
10.05.2008	8	0	100	86,7
17.05.2008	8	0	100	69,1
24.05.2008	8	0	100	23,7

Created by: AKS-Labs
Report created with Balanced Scorecard Designer at 28.04.2008 23:53:09