This paper, a research in progress, presents a balanced scorecard based framework for managing and evaluating the performance of information security in organizations. Acknowledging the multi-dimensionality of information security and the various value propositions of different constituents, we contend that for organizations to maximize the value of their information security effort, they should strike a balance between four information security capabilities pertaining to four perspectives: the financial, the customer, the internal processes, and the learning and growth perspectives. The proposed framework supplements the traditional financial perspective with three non-financial perspectives and thus accounts for the qualitative and intangible benefits of information security. Furthermore, it captures the technical and socio-organizational dimensions of information security. Finally, the proposed framework, through its robust theoretical and methodological foundation, holds the promise of maximizing the effectiveness of the information security endeavor in organizations.