The idea behind the model - which will be distributed to the not-for-profit IT security association's 86 000-plus members worldwide - is to act as a benchmark as members develop and evolve IT security policy strategies within their organisations.
According to Jo Stewart-Rattray, ISACA's security management committee chairperson, IT security managers spend too much of their time reacting and applying short-term, technology-focused fixes to rapidly changing threats and regulatory and technological environments.
"These solutions are deficient because many security weaknesses result from poor governance, a dysfunctional culture or untrained staff - all aspects that ISACA Information Security Model addresses, she says.
The model, says Stewart-Rattray, who is director of information security at RSM Bird Cameron in Adelaide, Australia, and was appointed director of ISACA last July, can be applied in enterprises of all sizes and, perhaps more importantly, with any other ITsec framework already in place.
Infosecurity notes that the model includes traditional IT security, and also privacy, and linkages to risk, physical security and compliance.