ESARIS Security Taxonomy
Level 4 in the Hierarchy of Security Standards plays an important role since it serves both as directives for ICT production and delivery (provider’s side) and as a source of information for the user organization (customer’s side). This level comprises all security aspects that are relevant for the security of ICT services. Both the ICT services and the security aspects are diverse. An ordering schema is required and the individual security measures are assigned to separate ICT Security Standards in order to allow the efficient extraction of information required by user organizations. Such a structure or ordering schema, referred to below as taxonomy, is also required to enable the ICT Service Provider to produce and maintain the documentation of security measures. There are several conditions or requirements to be met by the taxonomy. These are identified and analyzed first (Sect. 5.1). Then the taxonomy is presented and explained step by step; first by explaining the three groups in the whole map, then by dividing up the whole map into six clusters (Sect. 5.2) and, finally, by briefly defining each ICT Security Standard in the context of its cluster (Sect. 5.3). After having defined the organization of security measures and standards, a structure is defined that organizes the internal content of all standards (Sect. 5.4). This does not really belong to the taxonomy itself, but further binding conditions are formulated along the primary parameters for ESARIS: hierarchical approach, modularity and standardization. A brief summary of the procedure and result is provided at the end of this chapter (Sect. 5.5).
Keywords: Security Measure Security Standard Data Center Network Security Objective User Organization