The Information Systems Audit and Control Association (ISACA), a nonprofit association of information security, assurance and IT governance professionals, on Wednesday issued a new guidance document outlining a business model for information security. The document is the result of two years of research and expert review and is intended to provide a blueprint to align security projects with business strategy, said Rolf von Roessing, international vice president of ISACA. The technology-neutral model addresses various aspects of IT and privacy and is applicable across industries, countries and regulatory and legal systems. ISACA members can receive the full document for free and nonmembers can receive an introductory guide at no cost. — AM