ESARIS Security Taxonomy

IT security standards are the basis for managing security in a complex, industrialized IT production environment. Standardization is required to reduce costs and to raise quality. Moreover, standardization is required to make achieving an appropriate level of security a manageable task at all. Modern IT services comprise different technologies. Managed IT services add IT service management activities to such functions. The provisioning of technologies and the performance of security-related activities are distributed among several specialized teams in larger IT service providers and among corporations in the supplier network. This is why a classification and organization schema is required: the security measures need to be classified and organized to serve the needs of industrialized IT service provisioning.

The Enterprise Security Architecture for Reliable ICT Services (ESARIS) is a classification and organization schema developed for this purpose. It supports industrialization and the interaction of the parties within the supply chain. It provides transparency by means of a hierarchical and thoroughly modular approach. It also supports the different perspectives of user organizations on the one hand and IT service providers on the other, reflecting the reality of the market economy. The ESARIS Security Taxonomy in particular is a methodology for organizing security measures. In contrast to other schemas, it can be understood and used by any IT personnel since it does not use security terms for the classification. The security measures to be implemented in IT systems and components are classified and organized in areas known in the IT business. Also in contrast to other schemas, it covers all IT service management related activities in order to make security an integral part of everybody’s business. Another unique feature of ESARIS and its Taxonomy is that it is a real architectural approach that tells not only “what” but also “how”. The most obvious characteristic of architecture is the use of graphical elements, which considerably ease understanding and use.

The ESARIS Security Taxonomy is a basis for achieving Zero Outage. It helps provide a comprehensive overview and is a means of delivering content precisely to the target group for which it is relevant and was created. It also adds topics and aspects that are missing in IT service management standards and in standards and best practice catalogs on IT security.

Published with kind permission of Springer Vieweg | Springer Fachmedien Wiesbaden GmbH
This paper contains texts and illustrations from a text book [1] (1st and 2nd edition) published by Springer Vieweg.
More information can be found here:


Eberhard von Faber, Wolfgang Behnsen

Secure ICT Service Provisioning for Cloud, Mobile and Beyond

This book describes new methods and measures which enable ICT service providers and large IT departments to provide secure ICT services in an industrialized IT production environment characterized by rigorous specialization, standardization and division of labor along the complete supply chain. This book is also for suppliers playing their role in this industry. Even more important, user organizations are given deep insight into secure IT production which allows them to make the best out of cloud, mobile and beyond. This book presents a new organization and classification scheme that is thoroughly modular and hierarchical. It contains a ...