This is a Security and Privacy Balanced Scorecard Report, it is one of reports that Balanced Scorecard Designer can generate for Security and Privacy scorecard. With this software you can also design your own KPIs, Balanced Scorecards and metrics.

Security and Privacy Scorecard

Report includes: 1 month(s) 49 day(s), from 05.04.2008 to 24.05.2008

Name

Start value

End value

Dynamic

Contains

Security and Privacy Scorecard

48,31 %

62,65 %

+ 14,34 %

Financial Perspective	(65,9%, -2,14%)
Employee perspective	(57,1%, 11,57%)
Security compliance	(62,1%, 21,47%)
Incident history	(67,6%, 33,02%)
Security policy effectiveness	(60,5%, 7,73%)

Graph for Security and Privacy Scorecard

Data for Security and Privacy Scorecard

Dates	Value
05.04.2008	48,31
12.04.2008	50,82
19.04.2008	55,72
26.04.2008	55,03
03.05.2008	45,92
10.05.2008	45,22
17.05.2008	43,79
24.05.2008	62,65

Financial Perspective

Name

Start value

End value

Dynamic

Parent

Contains

Financial Perspective

68,07 %

65,93 %

-2,14%

Security and Privacy Scorecard

Indicators

Value-at-Risk

Return on Investment

Collateral damage potential (CDP)

Graph for Financial Perspective

Data for Financial Perspective

Dates	Value	Weight
05.04.2008	68,07	1
12.04.2008	60,33	1
19.04.2008	73,8	1
26.04.2008	39,13	1
03.05.2008	32,23	1
10.05.2008	36,37	1
17.05.2008	43,7	1
24.05.2008	65,93	1

Value-at-Risk

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Value-at-Risk	22,425	24,89	+ 2,465	%	Minimize	Financial Perspective

Description Quantification based on the expected frequency with which attacks seem likely to happen and the loss given event (LGE) provoked by a single attack

Graph for Value-at-Risk

Data for Value-at-Risk

Dates	Weight	Min	Max	Value
05.04.2008	1	5	90	22,425
12.04.2008	1	5	90	19,195
19.04.2008	1	5	90	29,055
26.04.2008	1	5	90	85,24
03.05.2008	1	5	90	63,225
10.05.2008	1	5	90	87,195
17.05.2008	1	5	90	47,67
24.05.2008	1	5	90	24,89

Return on Investment

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Return on Investment	61,52	75,84	+ 14,32	%	Maximize	Financial Perspective

Description The financial benefit of security investment divided by the cost of the investment, multipled by 100

Graph for Return on Investment

Data for Return on Investment

Dates	Weight	Min	Max	Value
05.04.2008	1	10	90	61,52
12.04.2008	1	10	90	10,88
19.04.2008	1	10	90	50,24
26.04.2008	1	10	90	82,08
03.05.2008	1	10	90	12,48
10.05.2008	1	10	90	84,56
17.05.2008	1	10	90	64,8
24.05.2008	1	10	90	75,84

Collateral damage potential (CDP)

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Collateral damage potential (CDP)	1,191	1,833	+ 0,642	Score	Minimize	Financial Perspective

Description The potential for a loss of physical equipment, property damage as a result of a security breach
Target description None (0), low (1), medium (2), or high (3)

Graph for Collateral damage potential (CDP)

Data for Collateral damage potential (CDP)

Dates	Weight	Min	Max	Value
05.04.2008	1	0	3	1,191
12.04.2008	1	0	3	0,102
19.04.2008	1	0	3	0,018
26.04.2008	1	0	3	2,349
03.05.2008	1	0	3	1,137
10.05.2008	1	0	3	2,622
17.05.2008	1	0	3	2,616
24.05.2008	1	0	3	1,833

Employee perspective

Name

Start value

End value

Dynamic

Parent

Contains

Employee perspective

45,5 %

57,07 %

+ 11,57%

Security and Privacy Scorecard

Indicators

User compliance

Employee attitude

Employee awareness

Password effectiveness *

* - Information for this metric is limited in sample report

Graph for Employee perspective

Data for Employee perspective

Dates	Value	Weight
05.04.2008	45,5	1
12.04.2008	38,6	1
19.04.2008	58,63	1
26.04.2008	63,72	1
03.05.2008	47,85	1
10.05.2008	56,02	1
17.05.2008	29,02	1
24.05.2008	57,07	1

User compliance

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	User compliance	87,31	61,12	-26,19	%	Maximize	Employee perspective

Description The number of users compliant with each element of the security policy divided by the total number of users, multiplied by 100

Graph for User compliance

Data for User compliance

Dates	Weight	Min	Max	Value
05.04.2008	1	10	100	87,31
12.04.2008	1	10	100	32,05
19.04.2008	1	10	100	95,5
26.04.2008	1	10	100	93,16
03.05.2008	1	10	100	18,1
10.05.2008	1	10	100	11,26
17.05.2008	1	10	100	38,62
24.05.2008	1	10	100	61,12

Employee attitude

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Employee attitude	41,5	18,1	-23,4	%	Maximize	Employee perspective

Description The percentage of employees with positive attitude toward existig security practices

Graph for Employee attitude

Data for Employee attitude

Dates	Weight	Min	Max	Value
05.04.2008	1	10	100	41,5
12.04.2008	1	10	100	61,21
19.04.2008	1	10	100	66,43
26.04.2008	1	10	100	21,25
03.05.2008	1	10	100	92,17
10.05.2008	1	10	100	86,5
17.05.2008	1	10	100	28,09
24.05.2008	1	10	100	18,1

Employee awareness

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Employee awareness	44,11	74,53	+ 30,42	%	Maximize	Employee perspective

Description The percentage of employees capable of recognizing a security problem and taking appropriate measures to eliminate it

Graph for Employee awareness

Data for Employee awareness

Dates	Weight	Min	Max	Value
05.04.2008	1	10	100	44,11
12.04.2008	1	10	100	28,18
19.04.2008	1	10	100	31,87
26.04.2008	1	10	100	62,83
03.05.2008	1	10	100	70,3
10.05.2008	1	10	100	58,24
17.05.2008	1	10	100	60,85
24.05.2008	1	10	100	74,53

Security compliance

Name

Start value

End value

Dynamic

Parent

Contains

Security compliance

40,63 %

62,1 %

+ 21,47%

Security and Privacy Scorecard

Indicators

Systems Service Level

Network Service Level

Compliant Devices

Graph for Security compliance

Data for Security compliance

Dates	Value	Weight
05.04.2008	40,63	1
12.04.2008	43,1	1
19.04.2008	56,7	1
26.04.2008	64,63	1
03.05.2008	57,83	1
10.05.2008	26,4	1
17.05.2008	41,13	1
24.05.2008	62,1	1

Systems Service Level

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Systems Service Level	79,28	81,12	+ 1,84	%	Maximize	Security compliance

Description Percentage of time that information systems services are
available

Graph for Systems Service Level

Data for Systems Service Level

Dates	Weight	Min	Max	Value
05.04.2008	1	10	90	79,28
12.04.2008	1	10	90	58,64
19.04.2008	1	10	90	20,08
26.04.2008	1	10	90	23,2
03.05.2008	1	10	90	79,6
10.05.2008	1	10	90	62,64
17.05.2008	1	10	90	57,36
24.05.2008	1	10	90	81,12

Network Service Level

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Network Service Level	19,52	54,08	+ 34,56	%	Maximize	Security compliance

Description Percentage of time that network services are available

Graph for Network Service Level

Data for Network Service Level

Dates	Weight	Min	Max	Value
05.04.2008	1	10	90	19,52
12.04.2008	1	10	90	27,52
19.04.2008	1	10	90	78,56
26.04.2008	1	10	90	88,8
03.05.2008	1	10	90	72,16
10.05.2008	1	10	90	16,64
17.05.2008	1	10	90	52,96
24.05.2008	1	10	90	54,08

Compliant Devices

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Compliant Devices	31,06	48,07	+ 17,01	%	Maximize	Security compliance

Description Number of network devices that are security policy compliant, divided by the total number of devices on the network, multiplied by 100

Graph for Compliant Devices

Data for Compliant Devices

Dates	Weight	Min	Max	Value
05.04.2008	1	10	100	31,06
12.04.2008	1	10	100	51,94
19.04.2008	1	10	100	74,62
26.04.2008	1	10	100	81,01
03.05.2008	1	10	100	17,92
10.05.2008	1	10	100	14,59
17.05.2008	1	10	100	19,45
24.05.2008	1	10	100	48,07

Incident history

Name

Start value

End value

Dynamic

Parent

Contains

Incident history

34,6 %

67,62 %

+ 33,02%

Security and Privacy Scorecard

Indicators

Number of Compromises

Organizational Impact of Compromises

Unauthorized accesses

Viruses detected *

* - Information for this metric is limited in sample report

Graph for Incident history

Data for Incident history

Dates	Value	Weight
05.04.2008	34,6	1
12.04.2008	39,65	1
19.04.2008	40,1	1
26.04.2008	64,2	1
03.05.2008	46,55	1
10.05.2008	57,42	1
17.05.2008	54,6	1
24.05.2008	67,62	1

Number of Compromises

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Number of Compromises	200,24	201,04	+ 0,8	%	Minimize	Incident history

Description Number of incidents during a given period in which
network or systems security was compromised divided by industry benchmarking figures, multiplied by 100

Graph for Number of Compromises

Data for Number of Compromises

Dates	Weight	Min	Max	Value
05.04.2008	1	90	250	200,24
12.04.2008	1	90	250	241,36
19.04.2008	1	90	250	209,84
26.04.2008	1	90	250	90,64
03.05.2008	1	90	250	102,32
10.05.2008	1	90	250	176,24
17.05.2008	1	90	250	131,28
24.05.2008	1	90	250	201,04

Organizational Impact of Compromises

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Organizational Impact of Compromises	1,032	0,939	-0,093	%	Minimize	Incident history

Description For each incident, the number of hours, time of day, and people affected by the degradation or disruption of network, systems or application services
Target description None (0), low (1), medium (2), or high (3)

Graph for Organizational Impact of Compromises

Data for Organizational Impact of Compromises

Dates	Weight	Min	Max	Value
05.04.2008	1	0	3	1,032
12.04.2008	1	0	3	1,464
19.04.2008	1	0	3	2,082
26.04.2008	1	0	3	1,17
03.05.2008	1	0	3	2,142
10.05.2008	1	0	3	0,99
17.05.2008	1	0	3	1,638
24.05.2008	1	0	3	0,939

Unauthorized accesses

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Unauthorized accesses	45,394	9,439	-35,96	%	Minimize	Incident history

Description Number of unauthorized access attempts for various
network services (VPN, HTTP, SSH, etc) divided by the total number of access attempts, multiplied by 100

Graph for Unauthorized accesses

Data for Unauthorized accesses

Dates	Weight	Min	Max	Value
05.04.2008	1	3	50	45,394
12.04.2008	1	3	50	23,774
19.04.2008	1	3	50	25,325
26.04.2008	1	3	50	21,941
03.05.2008	1	3	50	28,098
10.05.2008	1	3	50	18,886
17.05.2008	1	3	50	37,78
24.05.2008	1	3	50	9,439

Security policy effectiveness

Name

Start value

End value

Dynamic

Parent

Contains

Security policy effectiveness

52,77 %

60,5 %

+ 7,73%

Security and Privacy Scorecard

Indicators

Vulnerability Counts

Incident Forensics

Remediation Time

Graph for Security policy effectiveness

Data for Security policy effectiveness

Dates	Value	Weight
05.04.2008	52,77	1
12.04.2008	72,43	1
19.04.2008	49,4	1
26.04.2008	43,43	1
03.05.2008	45,13	1
10.05.2008	49,9	1
17.05.2008	50,5	1
24.05.2008	60,5	1

Vulnerability Counts

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Vulnerability Counts	36,32	38,525	+ 2,205	%	Minimize	Security policy effectiveness

Description The number of vulnerabilities found on policy compliant devices divided by the number of vulnerabilities found on policy non-compliant devices

Graph for Vulnerability Counts

Data for Vulnerability Counts

Dates	Weight	Min	Max	Value
05.04.2008	1	5	50	36,32
12.04.2008	1	5	50	18,86
19.04.2008	1	5	50	34,475
26.04.2008	1	5	50	19,175
03.05.2008	1	5	50	7,655
10.05.2008	1	5	50	14,405
17.05.2008	1	5	50	27,32
24.05.2008	1	5	50	38,525

Incident Forensics

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Incident Forensics	10,13	10,51	+ 0,38	%	Minimize	Security policy effectiveness

Description The number of incidents attributable to policy failures divided by the number of policy compliance failures

Graph for Incident Forensics

Data for Incident Forensics

Dates	Weight	Min	Max	Value
05.04.2008	1	5	100	10,13
12.04.2008	1	5	100	11,27
19.04.2008	1	5	100	45,85
26.04.2008	1	5	100	86,985
03.05.2008	1	5	100	82,425
10.05.2008	1	5	100	40,055
17.05.2008	1	5	100	76,155
24.05.2008	1	5	100	10,51

Remediation Time

	Name	Start value	End value	Dynamic	Measure units	Optimization method	Parent
	Remediation Time	2,001	1,146	-0,855	%	Minimize	Security policy effectiveness

Description Time between compromise discovery and completion of system remediation
Target description None (0), low (1), medium (2), or high (3)

Graph for Remediation Time

Data for Remediation Time

Dates	Weight	Min	Max	Value
05.04.2008	1	0	3	2,001
12.04.2008	1	0	3	1,359
19.04.2008	1	0	3	1,299
26.04.2008	1	0	3	1,557
03.05.2008	1	0	3	2,316
10.05.2008	1	0	3	2,775
17.05.2008	1	0	3	0,72
24.05.2008	1	0	3	1,146

Created by: AKS-Labs
Report created with Balanced Scorecard Designer at 28.04.2008 23:59:05