In different sectors of human activities, organizations are adopting information technology (IT) more intensively, exposing sensitive and confidential information of employees and customers. This situation makes public and private entities to develop standards and regulations to protect these information assets, ensuring confidentiality, integrity and availability. As a result of the study, a Balanced Scorecard model that links the critical security controls of the CIS is formulated and supported by an office IT application as a preliminary tool that facilitates the presentation of the results. Such results highlight that the highest proportion (80%) of the preliminary application that occurred in five institutions agrees with the proposed model and its usefulness for monitoring and managing security controls.

In different sectors of human activities, organizations are adopting information technology (IT) more intensively, exposing sensitive and confidential information of employees and customers. This situation makes public and private entities to develop standards and regulations to protect these information assets, ensuring confidentiality, integrity and availability. As a result of the study, a Balanced Scorecard model that links the critical security controls of the CIS is formulated and supported by an office IT application as a preliminary tool that facilitates the presentation of the results. Such results highlight that the highest proportion (80%) of the preliminary application that occurred in five institutions agrees with the proposed model and its usefulness for monitoring and managing security controls.