Development of a Business Relevant Information Security Management System using the Balanced Scorecard and the EFQM Excellence Model

Abstract:

This paper presents part of the results of doctoral research on information security management systems in the context of business excellence, conducted by the authors in the Research Centre of Business Administration of The Bucharest University of Economic Studies, Romania. The first objective of this paper is to highlight the state of the art in information security performance management. A second objective is to study the use of the Balanced Scorecard and the EFQM Model for business excellence to support the definition and use of a business-relevant information security performance management system. The approach is studied in the case of a Romanian telecommunications company for the 2014 cycle of its Information Security Management System. The best practices presented in this paper can be used by organisations of all types wishing to go beyond compliance with the requirements of applicable information security management standards and to leverage information security as a driver of competitive advantage.