SecurityWeek
ISACA Issues New “Business Model for Information Security”

New Information Security Resource Provides Guidance that Addresses the People, Process, Organization and Technology Aspects of Information Security.

ISACA this week published the Business Model for Information Security (BMIS) as an educational resource for security professionals, providing comprehensive guidance that addresses the people, process, organization and technology aspects of information security.

The Business Model for Information Security (BMIS) presents a holistic, dynamic solution for designing, implementing and managing information security. As an alternative to applying controls to apparent security symptoms in a cause-and-effect pattern, BMIS examines the entire enterprise system, allowing management to address the source of problems.

Business Model for Information Security

BMIS can be used in enterprises of all sizes and was developed to be compatible with other information security frameworks that may already be in place. It is vendor- and technology-neutral and is applicable across all industries, countries, and regulatory and legal systems. It encompasses traditional information security and privacy, and provides links to risk, physical security and compliance.

“Too much time is being spent on providing reactive, short-term, technology-focused solutions to constantly changing environments,” said Jo Stewart-Rattray, CISA, CISM, CGEIT, director of information security at RSM Bird Cameron and a member of ISACA’s Knowledge Board. “This type of fix is short-sighted. It does not prevent security weaknesses resulting from poor governance, a dysfunctional culture or untrained staff—all aspects addressed by this new model.”

“ISACA has transformed the theoretical model into a practical tool that security practitioners can use to connect security projects with business strategy,” said Rolf von Roessing, CISA, CISM, CGEIT, international vice president of ISACA. “The Business Model for Information Security takes a business-oriented approach, focusing on people and processes in addition to technology.”

ISACA says that to understand the model, it is important to distinguish among models, standards and frameworks. While BMIS can help overcome some of the known difficulties in information security, it is primarily a model, and it must be supported by additional standards and frameworks.

ISACA is a nonprofit association that serves more than 95,000 information security, assurance and IT governance professionals.

BMIS is available as a free download to ISACA members. Print editions cost $60 for nonmembers and $45 for members. A free introductory guide is available to all at: www.isaca.org/bmis.