Business Model for Information Security (BMIS) Fact Sheet 

The Business Model for Information Security (BMIS) provides a holistic model that examines security issues from a systems perspective.

About BMIS

This business-oriented approach to managing information security provides a common language for information security and business management to talk about information protection. It enables security professionals to examine security from a systems perspective, creating an environment where security can be managed holistically, allowing actual risks to be addressed.

BMIS Materials

BMIS components include:

  • An Introduction to the Business Model for Information Security—This introductory guide, with case study, is the first document in a series planned around the Business Model for Information Security. Based on Systemic Security Management, developed by the USC Marshall School of Business Institute for Critical Information Infrastructure Protection, the model will turn the theoretical approach into a practical tool for enterprises. This introductory guide provides a starting point for discussion and future development. It defines the core concepts that will evolve into practical aids that information security and business unit managers can use to align security program activities with organizational goals and priorities, effectively manage risk, and increase the value of information security program activities to the enterprise. An Introduction to the Business Model for Information Security is available as a complimentary download at www.isaca.org/bmis.
  • The Business Model for Information Security is available as a complimentary download to members at www.isaca.org/bmis. It is available for purchase from the ISACA Bookstore at www.isaca.org/bookstore.

COBIT 5 Incorporates BMIS

The scope of the guidance provided in BMIS has been incorporated into the latest thinking offered in COBIT 5. More information on COBIT 5 can be found at www.isaca.org/cobit.

BMIS Recognitions

  • An abstract by Rolf von Roessing on BMIS is included in a book titled ISSE 2009 Securing Electronic Business Processes.

BMIS in the News

  • A SearchCompliance.com article titled “Business Model for Information Security: Security Right the First Time” announced the availability of BMIS.
  • A January 2009 InfoSecurity article titled “ISACA Unveils New IT Security Business Model” announced the availability of BMIS.
  • A January 2009 article in Entrepreneur titled “New ISACA Business Model” announced the availability of BMIS.

Contact:

Kristen Kessinger, +1.847.660.5512
Joanne Duffer, +1.847.660.5564
news@isaca.org