This book introduces a reference architecture that enhances the security of services offered in the information and communication technology (ICT) market. It enables customers to compare offerings and to assess risks when using third-party ICT services including cloud computing and mobile services. Service providers are given a comprehensive blueprint for security implementation and maintenance covering service portfolio management, bid phases and realization projects as well as service delivery management. The architecture is completely modular and hierarchical. It contains a security taxonomy organizing all aspects of modern industrialized ICT production. The book also describes a wealth of security measures derived from real-world challenges in ICT production and service management. In this book a reference architecture is introduced enhancing the security of the services offered in the information and communication technology (ICT) market. Customers will be able to compare offerings and to assess risks associated with using third-party ICT services including cloud computing and mobile services. Service providers are provided with a comprehensive blueprint for security implementation and maintenance covering service portfolio management, bid phases and realization projects as well as the service delivery management. The architecture is thoroughly modular and hierarchical. It contains a security taxonomy that organizes all aspects of modern industrialized ICT production. The book also describes a wealth of security measures derived from real-world challenges in ICT production and service management.
Contents
Security, assurance and the division of labor Framework, Industrialization concept Work areas, Collaboration model, Hierarchy of security standards, Usage model Security taxonomy: Derivation, Map, Content, Specification concept Production security in practice: Evidence and customer relation, Service management, ICT service access, IT service production, Certification and risk management - Customer fulfillment model, Compliance attainment model Rollout process
Target Groups
IT managers and architects of user organizations and ICT service providers, Security managers, Portfolio and process managers, Consultants and auditors, Employees in IT functions being concerned with security, anyone interested in industrialized ICT production
About the Authors
Eberhard von Faber has more than 20 years industrial experience in information security. His workspace at T-Systems is Security Strategy and Executive Consulting. He is also a professor at Brandenburg University of Applied Science.
Wolfgang Behnsen is Senior Security Manager at T-Systems. He worked in several roles in information security management. He holds several recognized security certificates and is member of diverse associations.

Spécifications