Business Model for Information Security (BMIS) 


What if there was a model that would help security professionals address the complexity of security while encouraging a balance between protection and the business?

There is.

The Business Model for Information Security (BMIS) challenges conventional thinking and enables you to creatively re-evaluate your information security investment.

A Holistic Business Model

The Business Model for Information Security, provides an in-depth explanation to a holistic business model which examines security issues from a systems perspective.

Explore various media, including journal articles, webcasts and podcasts, to delve into the Business Model for Information Security and to learn more about how to have success in the IS field in today's market.

Do you face the following challenges?

  • Senior management’s commitment to information security initiatives
  • Management’s understanding of information security issues
  • Information security planning prior to implementation of new technologies
  • Integration between business and information security
  • Alignment of information security with the enterprise’s objectives
  • Executive and line management’s ownership and accountability for implementing, monitoring and reporting on information security

If so, you are not alone. These challenges are of concern to many security professionals, regardless of location. Although enterprises have improved security technologies, there are still gaps in areas such as security governance, human factors, culture, and planning for the unexpected.

The Business Model for Information Security enables security professionals to examine security from systems perspective, creating an environment where security can be managed holistically, allowing actual risks to be addressed. 

Principles for Information Security Practitioners

The information security principles provide a guide to help those in the security profession add value to their organisations by successfully supporting the business and promoting good practices. They also are a good complement to ISACA’s Business Model for Information Security (BMIS).


If you have questions about ISACA publications and ongoing research, please contact: