Information security governance as key performance indicator for financial institutions

Abstract

Information security governance as key performance indicator for financial institutions Due to their nature financial institutions and their performance are in constant focus of attention from different stakeholder groups. These groups according to their functions and interests are implementing different sets of key performance indicators for financial institution performance assessment. In the proposed paper authors present a hypothesis of information security governance being a financial institution key performance indicator. Authors provide high level overview of existing situation in key performance indicator domain for financial institutions. The overview of stakeholder groups interested in financial institution performance management is provided. In the same way as corporate governance is treated as financial and operational performance reflecting and influencing factor, information security governance as a component of corporate governance, according to authors' opinion, should be treated as key performance indicator for financial institutions. In the paper the most indicative financial performance indicators as well as their calculation methods are defined for financial institutions. The paper contains overview of information security assessment models and researches in this field. Authors have chosen information security maturity model to use in testing hypothesis. The paper contains description of calculation methodology for financial performance indicators and information security maturity indicators. The hypothesis has been proved performing analysis of correlation between calculated financial performance indicators and information security governance model indicators for chosen Latvian financial institutions.