The Standard

Supplier Management Model

Information security is gaining ever more significance. This development is due to the constant increase and widening use of IT, including in areas that formerly had no IT support or did not even exist. As a result, the number of threats to IT is on the rise as well. Some of these have only become possible because of the way we use IT and what we do with it. The business world strongly depends on having reliable IT services.

Today’s IT service provision is characterized by a high degree of division of labor, specialization and standardization. An obvious element of this division of labor is the fact that user organizations draw on the IT services of specialized IT service providers. This process, referred to as “IT outsourcing”, transfers the responsibility for service provision, including security, to the IT service provider. However, there are other elements. Division of labor can be observed within the internal organization of large-scale, industrialized IT production, and it also extends to the whole supply chain, since partners and suppliers are decisively involved in modern IT service provisioning (“industrialization of IT”).

The security management of the IT service provider (producer) and that of the user organization (customer) are interwoven. The same is true for the relation between the IT service provider and its partners and suppliers. Costs, deployment time and flexibility are essential today, making standardization of security a critical success factor. Existing security standards (norms) do not reflect this situation and do not meet the challenges sufficiently. This is why the Zero Outage Industry Standard association has set itself the goal of gathering and enhancing existing concepts in order to create a de facto industry standard that fills the gaps.

Published with kind permission of Springer Vieweg | Springer Fachmedien Wiesbaden GmbH
This paper contains texts and illustrations from a textbook [1] (1st and 2nd edition) published by Springer Vieweg.
More information can be found here: http://www.springer.com/de/book/9783658164812

News

Eberhard von Faber, Wolfgang Behnsen

Secure ICT Service Provisioning for Cloud, Mobile and Beyond

This book describes new methods and measures which enable ICT service providers and large IT departments to provide secure ICT services in an industrialized IT production environment characterized by rigorous specialization, standardization and division of labor along the complete supply chain. This book is also for suppliers playing their role in this industry. Even more important, user organizations are given deep insight into secure IT production, which allows them to make the most of cloud, mobile and beyond. This book presents a new organization and classification scheme that is thoroughly modular and hierarchical. It contains a ...