This book describes new methods and measures that enable ICT service providers and large IT departments to provide secure ICT services in an industrialized IT production environment characterized by rigorous specialization, standardization and division of labor along the complete supply chain. It is also for suppliers playing their role in this industry. Even more importantly, user organizations are given deep insight into secure IT production, which allows them to make the best of cloud, mobile and beyond. The book presents a new organization and classification scheme that is thoroughly modular and hierarchical. It contains a security taxonomy that organizes all aspects of modern industrialized IT production. The approach takes operational requirements into account and focuses on user requirements, thus facing the reality of the market economy. Despite cost pressure, providers must ensure security by exploiting economies of scale to raise efficiency with respect to security as well. Furthermore, this book describes a wealth of security measures derived from real-world challenges in IT production and IT service management.
Contents
- Challenges
- Transparency, interaction and standardization
- Dimensions, work areas, hierarchy, collaboration model
- Security taxonomy and everyday use
- Secured by definition: integration with core business
- Standardization concepts and practice
- Attainment: achieving compliance with standards
- Fulfillment: meeting customer demands
- Flexibility: managing the supplier network
- Maintenance: document management and more
- Transformation: sustainable roll-out
- Implementation: IT production and its protection in practice
- Routine: day-to-day security management using ESARIS

Target Groups
IT managers and architects of user organizations and ICT service providers, security managers, portfolio and process managers, consultants and auditors, employees in IT functions who are concerned with security, and anyone interested in industrialized IT production.

About the Authors
Eberhard von Faber has about 25 years of industrial experience in information security. His field of work at T-Systems is Security Strategy and Executive Consulting. He is also a professor at Brandenburg University of Applied Science.

Wolfgang Behnsen, now retired, was Senior Security Manager at T-Systems. He worked in several roles in information security management during his professional career. He holds various recognized security certificates and is a member of diverse associations.