Security, assurance and the division of labor

  • Wolfgang BehnsenEmail author
  • Eberhard von FaberEmail author
Part of the Edition <kes> book series (EDKES)


The Enterprise Security Architecture for Reliable ICT Services (ESARIS) that is described in this book is built for an ICT Service Provider that delivers ICT services to user organizations. ESARIS is intended to facilitate the exchange of information between the two parties and serve as a means of balancing security issues or the treatment thereof, respectively. This chapter explains the reasons for the ongoing trend to buy ICT services instead of producing them (Sect. 2.1). It outlines the trade-off between diverging concerns of security or assurance on the one hand and the economies of scale on the other (Sect. 2.2). There are different definitions and understandings of “security” and factors that affect security and risk. The meanings or aspects that are most important in our context will be discussed briefly (Sect. 2.3). Third-party ICT services seem to feature an unfavorable proportion of security and risk. This is to be solved by adding security measures and by providing assurance (Sect. 2.4). User organizations can outsource ICT services to providers but they keep the associated risks for their business. Some general aspects that are to be considered by user organizations are summarized and briefly discussed (Sect. 2.5). This Chap. 2 is not specific to ESARIS; instead it provides an introduction to the context for which ESARIS is built. This introduction focuses to some extent on cloud computing, the emerging ICT service provisioning and deployment model that has the potential to cause a tectonic shift in ICT production and the relation between the provider and the user organization.


Risk Management Cloud Computing Service Model Threat Level Security Objective 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer Fachmedien Wiesbaden 2012

Authors and Affiliations

  1. 1., Security Management ProductionT-Systems International GmbHMünchenGermany
  2. 2., Security Consulting and EngineeringT-Systems GEI GmbHBonnGermany

Personalised recommendations