Wednesday, April 6, 2011

All of these activities sound really efficient

All of these activities sound really efficient; however, they remain subject to question until the results come from the balanced scorecard. Those activities will be measured according to how the actions were carried out or the number of misses. The ways of measuring are diverse and will be discussed later. The point is that without the balanced scorecard, it will be impossible for the security managers to see whether their actions were successful or not.

The ways of measuring the activities are often called metrics. There are different metrics, as there are different areas of concern in information security. Generally, there are four: data leakage, IT security, privacy and security, and identity theft risks. Each of these areas has its own set of metrics.

Under IT security, some of the possible metrics are: security plan, security controls, personnel security, contingency planning, data integrity, and security planning.

Under the data leakage aspect, there are four common metrics that managers can use: risk management, audit trails, physical and environmental checks, and risk assessment.

For identity theft risks, the metrics for the balanced scorecard are: system compliance, incident forensics, computer protection, identity information structure, staff effectiveness, and financial perspective.

Finally, under privacy and security, the following metrics can be applied: employee perspective, financial perspective, incident history, security compliance, and security policy effectiveness.

For the security team, these terms may sound very familiar. However, managers and the security personnel should work hand in hand in coming up with practical metrics for the information leakage BSC. As a final note, whatever metrics your team formulates, make sure that they are goal sensitive, time bound, repeatable, achievable, comparable, specific, and most of all, measurable.
