Supplier Management Model
Information security is gaining ever more significance. This development is due to the constant increase and widening use of IT – also in areas that had no former IT support or simply did not even exist. As a result, the number of threats to IT is on the rise as well. Some of these have only become possible because of the way we use IT and what we do with it. The business world strongly depends on having reliable IT services.
Today’s IT service provision is characterized by a high degree of division of labor, specialization and standardization. An apparent element of this division of labor is the fact that user organizations draw on the IT services of specialized IT service providers. This process, referred to as “IT outsourcing”, transfers the responsibility for service provision, including security, to the IT service provider. However, there are other elements. Division of labor can be observed in the internal organizations of large-scale, industrialized IT production, but it expands to the whole supply chain, since partners and suppliers are decisively involved in modern IT service provisioning (“industrialization of IT”).
The security management of the IT service provider (producer) and that of the user organization (customer) are interwoven. The same is true for the relation between the IT service provider and its partners and suppliers. Costs, deployment time and flexibility are essential today, making standardization of security a critical success factor. – Existing security standards (norms) do not reflect this situation and do not meet the challenges sufficiently. This is why the Zero Outage Industry Standard association defines its goal as being one that gathers and enhances existing concepts in order that a de-facto industry standard which fills the gaps be created.
Eberhard von Faber, Wolfgang Behnsen
Secure ICT Service Provisioning for Cloud, Mobile and Beyond
This book describes new methods and measures which enable ICT service providers and large IT departments to provide secure ICT services in an industrialized IT production environment characterized by rigorous specialization, standardization and division of labor along the complete supply chain. This book is also for suppliers playing their role in this industry. Even more important, user organizations are given deep insight in secure IT production which allows them to make the best out of cloud, mobile and beyond. This book presents a new organization and classification scheme being thoroughly modular and hierarchical. It contains a ...