Security standards body ISACA has
developed the new business model for information
security.
The free model can be used in enterprises of all sizes and with
any other information security framework already in place. It is
independent of any particular technology and is applicable across
all industries, countries, and regulatory and legal systems, said
ISACA.
It covers traditional information security, privacy, risk,
physical security and compliance.
"Information security managers spend too much of their time
reacting and applying short-term, technology-focused fixes to
rapidly changing threats and regulatory and technological
environments," said Jo Stewart-Rattray, chair of ISACA's security
management committee.
"These solutions are deficient because many security weaknesses
result from poor governance, a dysfunctional culture or untrained
staff - all aspects that ISACA's new business model addresses."
Kent Anderson, a member of ISACA's security management
committee, said, "This is ISACA's first step in transforming the
theoretical model into a practical tool that can be used by
information security practitioners to unify security initiatives
with the business mission.
"The ISACA model is valuable guidance because it takes a strong
business-oriented approach, focusing on people and processes rather
than on technology."
The guide is available as a
free download.