Managing IT Service Security Methods and Recipes for User Organizations and Providers Along the Supply Chain

This book is about managing the security of IT services in terms of organization, orchestration, and optimization. It compresses the complex subject matter into individual terms and their definition, and it exploits systematics and terminology to create order, illuminate relationships, and provide concrete support for implementing IT service security successfully and with an eye for the essentials.

The book describes a management system called ESARIS (Enterprise Security Architecture for Reliable ICT Services) with field-proven methods and recipes. This metasystem or security architecture builds on more than a decade of day-to-day experience in the IT industry with multi-national customers. To enable the reader to fully exploit the guidance given, explicit definitions are provided for about 75 terms that can be used to look up a topic. Numerous figures and tables further support orientation and understanding, together with detailed introductions and explanations they offer acomprehensive presentation of IT service security issues and solutions.

This book is written for professionals with IT service providers (including IT departments), user organizations (including business units) or manufacturers, vendors, and suppliers.

Preface. -The Environment. - The Metasystem. - Assurance Management. - Taxonomy.- Document and Library Structure. - Secured by Definition. - Supply-Chain Relationship Management. - Cyber-Physical Systems (IoT and OT). - Perception, Knowledge, Competencies. -  References.- Index.

Eberhard von Faber is Chief Security Advisor, IT Services, at T-Systems and a part-time professor for IT security at Brandenburg University of Applied Sciences, Germany. Prior to this, he had worked in various fields in security engineering, consulting and evaluation of products and solutions, and as head of staff of a business unit of an IT group specializing in IT security services. He is the author of several books and more than 170 publications and conference contributions. His special focus is on the efficient execution of IT security, the implementation in complex delivery networks and the relationship between customers and IT service providers.