Abstract
The article develops a conceptual framework for strategic implementation of IT security using a balanced scorecard (BSC) approach. Current research has mostly looked at economics of IT security, technical considerations, and behavioral aspects of what counter measures are available to firms instead of how successful or cost effective the investments or counter measures are. More specifically, our article provides a framework for building and implementing scorecards for information security performance management.