The guide, Information Security Governance: Guidance for Information Security Managers, aims to address a range of issues, including cost-effectiveness, risk management, performance measurement, resource management and process assurance.
It suggests actions that security professionals and board-level executives could take to help build effective governance over information security.
Krag Brotby, author of the guide, said: "Information security program activities must be thoroughly planned, effectively executed and constantly monitored at the highest levels of the organisation. Failure to do so can cause significant financial losses or reputational damage."
Brotby added: "Information security is truly one of those areas in which preparation is infinitely more valuable than remediation."
The guide is available from the online bookstore of membership association ISACA. ISACA set up the IT Governance Institute ten years ago.