An architecture is presented that is built as the sole reference for securing ICT services delivered to the market. It provides a specification for implementation during Bid phases through Transformation (project business) as well as for service operations (daily business). At the same time, it gives customers very detailed information that allows them to compare offerings and to assess the associated risks. The architecture describes the security procedures and all security controls as part of security standards. These standards provide a specification for implementation and operations in line with ITIL processes. They also provide transparency and evidence, since they are used to demonstrate how the customer's security requirements are met. Finally, the ICT Service Provider acquires an instrument that allows active management of information security and that reduces costs while improving quality. This real-world approach is far too complex to be described thoroughly in this paper. The paper therefore presents a synopsis that depicts some major concepts and models.