ESARIS Security Taxonomy
IT Security Standards are the basis for managing security in a complex, industrialized IT production environment. Standardization is required to reduce costs and to raise quality. Moreover, standardization is required to make achieving an appropriate level of security a manageable task at all. Modern IT services comprise different technologies. Managed IT services add IT service management activities to such functions. In larger IT service providers, the provisioning of technologies and the performance of security-related activities are distributed amongst several specialized teams, and amongst corporations in the supplier network. This is why a classification and organization schema is required. The security measures need to be classified and organized to serve the needs of industrialized IT service provisioning.
The Enterprise Security Architecture for Reliable ICT Services (ESARIS) is a classification and organization schema developed for this purpose. It supports industrialization and the interaction of the parties within the supply chain. It provides transparency by means of a hierarchical and thoroughly modular approach. It also supports the different perspectives of user organizations on the one hand and IT service providers on the other, reflecting the reality of the market economy. The ESARIS Security Taxonomy in particular is a methodology to organize security measures. In contrast to other schemas, it can be understood and used by any IT personnel since it does not use security terms for the classification. The security measures to be implemented in IT systems and components are classified and organized in areas known in the IT business. Also in contrast to other schemas, it covers all IT service management-related activities in order to make security an integral part of everybody’s business. Another unique feature of ESARIS and its Taxonomy is that it is a real architectural approach which tells not only “what” but also “how”. The most obvious characteristic of architecture is the use of graphical elements, which considerably ease understanding and use.
The ESARIS Security Taxonomy is a basis for achieving Zero Outage. It helps provide a comprehensive overview and is a means of delivering content precisely to the target group for which it is relevant and was created. It also adds topics and aspects which are missing in IT service management standards and in standards and best practice catalogs on IT security.