ISACA

ISACA Issues New Comprehensive Business Model for Information Security

2010-10-11 11:27

ROLLING MEADOWS, Ill.--(BUSINESS WIRE)--Information security breaches continue to plague enterprises worldwide, despite the use of the latest technology. Solving these issues requires more than just gadgets and software. To provide information security professionals with comprehensive guidance that addresses the people, process, organization and technology aspects of information security, ISACA issued today the results of two years of research and expert review: the Business Model for Information Security (BMIS), available as a free download from www.isaca.org/bmis.

BMIS can be used in enterprises of all sizes and is compatible with other information security frameworks already in place. It is independent of any particular technology and is applicable across all industries, countries, and regulatory and legal systems. It encompasses traditional information security and privacy, and provides links to risk, physical security and compliance.

“Too much time is being spent on providing reactive, short-term, technology-focused solutions to constantly changing environments,” said Jo Stewart-Rattray, CISA, CISM, CGEIT, director of information security at RSM Bird Cameron and a member of ISACA’s Knowledge Board. “This type of fix is short-sighted. It does not prevent security weaknesses resulting from poor governance, a dysfunctional culture or untrained staff—all aspects addressed by this new model.”

ISACA, a nonprofit association that serves more than 95,000 information security, assurance and IT governance professionals, based the model on the Systemic Security Management framework developed by the Institute for Critical Information Infrastructure Protection (ICIIP) at the University of Southern California (USA).

“ISACA has transformed the theoretical model into a practical tool that security practitioners can use to connect security projects with business strategy,” said Rolf von Roessing, CISA, CISM, CGEIT, international vice president of ISACA. “The Business Model for Information Security takes a business-oriented approach, focusing on people and processes in addition to technology.”

BMIS is available as a free download to ISACA members at www.isaca.org/bmis. Nonmembers can purchase print or PDF editions from www.isaca.org/bookstore. A free introductory guide is available to all at www.isaca.org/bmis.

About ISACA

With 95,000 constituents in 160 countries, ISACA (www.isaca.org) is a leading global provider of knowledge, certifications, community, advocacy and education on information systems assurance and security, enterprise governance and management of IT, and IT-related risk and compliance. ISACA administers the globally respected CISA, CISM, CGEIT and CRISC certifications and continually updates COBIT.

Follow ISACA on Twitter: http://twitter.com/ISACANews

Contacts

ISACA
Kristen Kessinger, +1.847.660.5512
news@isaca.org