An Introduction to the Business Model for Information Security explains the new business model, which is independent of any particular technology.
The framework can be applied across all industries, countries and regulatory/legal systems, and covers information security, privacy, risk, physical security and compliance issues, according to ISACA. It includes advice on aligning IT security programme activities with organisational goals and priorities, and increasing the value of security activities to the enterprise.
"This is ISACA's first step in transforming the theoretical model into a practical tool that can be used by information security practitioners to unify security initiatives with the business mission," said Kent Anderson, a member of ISACA's Security Management Committee.
"The ISACA model is valuable guidance because it takes a strong business-oriented approach, focusing on people and processes rather than on technology."
ISACA will release a practitioners' guide and an executives' guide later in the year.