Advertisement

Usage of the ICT Security Standards

  • Wolfgang BehnsenEmail author
  • Eberhard von FaberEmail author
Chapter
  • 444 Downloads
Part of the Edition <kes> book series (EDKES)

Abstract

The ICT Security Standards are used both as directives for production and service delivery and as the source of information for customers. This is the idea of the concept called ESARIS Concept of Double Direction Standards (refer to Sect. 4.4). Thus, on the one hand the ICT Security Standards are mapped “upwards” in the hierarchy of standards to the market and the customer requirements. It must be proven to customers that their requirements are met and how. This requires selecting the relevant information from the ESARIS documentation in the first place. A concept is developed for this selection that is called ESARIS Scope of Control. It is complex and needs to be formalized in order to work. Consequently, one section is dedicated to its description (Sect. 7.1). The actual question is: how can it be proven if the requirements of the user organization (customer) are met? Again, there is a model to treat this important issue that is called the ESARIS Customer Fulfillment Model (Sect. 7.2). On the other hand, the ICT Security Standards serve as directives for production and service delivery and are therefore mapped “downwards” in the hierarchy of standards in order to determine if a given ICT service actually complies with ESARIS and its standards. This check is important and again formalized as the ESARIS Compliance Attainment Model (Sect. 7.3) in order to ensure that the analysis provides reliable results.

Keywords

Cloud Computing Security Requirement Service Model Customer Requirement Security Measure 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer Fachmedien Wiesbaden 2012

Authors and Affiliations

  1. 1., Security Management ProductionT-Systems International GmbHMünchenGermany
  2. 2., Security Consulting and EngineeringT-Systems GEI GmbHBonnGermany

Personalised recommendations