Usage of the ICT Security Standards
The ICT Security Standards are used both as directives for production and service delivery and as a source of information for customers. This is the idea behind the ESARIS Concept of Double Direction Standards (refer to Sect. 4.4). Thus, on the one hand, the ICT Security Standards are mapped “upwards” in the hierarchy of standards to the market and the customer requirements. It must be proven to customers that their requirements are met, and how. This requires first selecting the relevant information from the ESARIS documentation. The concept developed for this selection is called the ESARIS Scope of Control. It is complex and needs to be formalized in order to work; consequently, one section is dedicated to its description (Sect. 7.1). The actual question is: how can it be proven that the requirements of the user organization (customer) are met? Again, there is a model for treating this important issue, called the ESARIS Customer Fulfillment Model (Sect. 7.2). On the other hand, the ICT Security Standards serve as directives for production and service delivery and are therefore mapped “downwards” in the hierarchy of standards in order to determine whether a given ICT service actually complies with ESARIS and its standards. This check is important and is likewise formalized, as the ESARIS Compliance Attainment Model (Sect. 7.3), in order to ensure that the analysis provides reliable results.
Keywords: Cloud Computing, Security Requirement, Service Model, Customer Requirement, Security Measure