Enterprise Security Architecture for Reliable ICT Services
Script error: No such module "Draft topics".
Script error: No such module "AfC topic".
Enterprise Security Architecture for Reliable ICT Services (ESARIS) is a set of methodologies, processes, practices, and IT security standards to adequately secure IT services.[1][2] ESARIS follows a similar approach to ITIL and ISO/IEC 20000 regarding quality issues in IT service provisioning in that it defines work areas and breaks them down into individual process activities, but ESARIS reuses the work areas and processes from ISO/IEC 20000 and details them for IT security instead of defining a separate process model for it. The ESARIS methodology has been adopted by T-Systems as a basis for their security best practices and IT security framework.[3][4][5] The Federal Ministry of Defence of Germany recommends ESARIS as an exemplary industry standard.[6]
ESARIS was designed by Eberhard von Faber on behalf of and working for T-Systems and as part of his work as professor of IT security. The design of ESARIS took place between 2010[7] and 2016[1] and improved up to 2023.[8]
Short profile[edit]
ESARIS helps organizing IT security throughout the entire supply chain.[9] ESARIS covers the whole provisioning process from portfolio and offering design and implementation all the way down to the different aspects of maintenance in the operational phase. ESARIS builds upon existing processes of IT service management (ISO/IEC 20000 or ITIL), additionally considering internal organization specifics, focusing on the exact technical implementation of security and compliance with security related standards.[1] ESARIS supports communication and cooperation between the parties and emphasises the necessity for contractual agreements on IT security.[10]
ESARIS uses hierarchy and taxonomy to structure and organize[11] security standards, organizational, technical, and procedural security measures as well as guidelines, work instructions, etc. The latter assist employees in guaranteeing the necessary level of IT service security.[1]
Parts of ESARIS are adopted by the industry association Zero Outage Industry Standard and published as a standard.[12][13]
References[edit]
- ↑ 1.0 1.1 1.2 1.3 von Faber, Eberhard; Behnsen, Wolfgang (2017). Secure ICT Service Provisioning for Cloud, Mobile and Beyond (ESARIS: The Answer to the Demands of Industrialized IT Production Balancing Between Buyers and Providers) (2nd ed.). Wiesbaden: Springer Vieweg. doi:10.1007/978-3-658-16482-9. ISBN 978-3-658-16481-2. Unknown parameter
|s2cid=
ignored (help) Search this book on - ↑ Steinacker, Angelika (2019). Sicherheit im Internet der Dinge (IoT), Ein sicheres IoT erfordert neue Denkweisen; Datenschutz und Datensicherheit 43, 403-409. doi:10.1007/s11623-019-1135-1. Unknown parameter
|s2cid=
ignored (help) Search this book on - ↑ "DB Netz AG: Sicherheits-Fundament für die Zukunft".
- ↑ AG, Deutsche Telekom (February 2, 2016). "Experton: Deutsche Telekom is a leading security-services provider". www.telekom.com.
- ↑ "Architektur für die Sicherheit". www.report.at.
- ↑ https://www.bmvg.de/resource/blob/140202/5f48d9a452805e7c3f2e61395682d7a9/ideenpapier-vertrauenswuerdige-it-data.pdf
- ↑ von Faber, Eberhard; Behnsen, Wolfgang (2012). A Systematic Holistic Approach for Providers to Deliver Secure ICT Services; in: ISSE 2012 Securing Electronic Business Processes, Highlights of the Information Security Solutions Europe, ISSE 2012. Wiesbaden: Springer Vieweg. pp. 80–88. doi:10.1007/978-3-658-00333-3_9. ISBN 978-3-658-00332-6. Search this book on Accepted by the program committee and presented at ISSE 2012: https://www.teletrust.de/veranstaltungen/isse/isse-2012/
- ↑ von Faber, Eberhard (2023). IT-Service-Security in Begriffen und Zusammenhängen, Managementmethoden und Rezepte für Anwender und IT-Dienstleister. Wiesbaden: Springer-Verlag. ISBN 978-3-658-41932-5. Search this book on
- ↑ Damm, F., Fischer, HP. Lieferkette: Wie Cyber-Security von adäquater Zusammenarbeit abhängt; Datenschutz und Datensicherheit 43, 418–425 (2019). https://doi.org/10.1007/s11623-019-1137-z
- ↑ Frére, Eric; Zureck, Alexander; Röhrig, Katharina (July 31, 2018). Industry 4.0 in Germany - The Obstacles Regarding Smart Production in the Manufacturing Industry. p. 38. Search this book on
- ↑ Cite error: Invalid
<ref>
tag; no text was provided for refs namedVESNA
- ↑ "Introduction and Overall Picture".
- ↑ "Security Taxonomy for IoT".
External links[edit]
- Videoclip (architecture): ESARIS – the comprehensive security architecture
- Videoclip (standardization): Standardization of IT security with ESARIS
- Zero Outage Industry Standard (security): Security
- Webinar (Zero Outage Industry Standard, 35 min.): Webinar: How to organise IT service security in a larger IT organisation
This article "Enterprise Security Architecture for Reliable ICT Services" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Enterprise Security Architecture for Reliable ICT Services. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.