Security Governance
Overview
The purpose of security and privacy governance is twofold:
- To present a high-level assessment of the security and privacy risks that developers need to think about when implementing elements of the Open Digital Architecture (ODA) ecosystem.
- To provide guidance and a clear starting point for the detailed risk assessment and mitigations required to implement and deploy ODA components.
Why is it important?
While traditional, monolithic OSS/BSS systems can be security hardened at their physical boundaries, ODA requires a shift to a model-driven, component-based method that potentially increases the attack surfaces. To mitigate this risk, our team has created an ODA model-driven security and privacy governance framework based on DevOps principles and practices, zero-trust principles and software-defined security perimeters.
How can it help me?
TM Forum members can benefit from the work already undertaken by the Security and Privacy Governance team.
What has been accomplished so far?
As a necessary first step, the team identified the security and privacy considerations that needed to be addressed in each of the main ODA architecture viewpoints: Business, Information Systems, Implementation, and Deployment and Run-time architectures.
It then set out an ODA security and privacy vision that informed the ODA governance framework and helped establish industry use of enterprise risk assessment methods when deploying the ODA functional architecture.
What’s next?
The governance team is now documenting the conclusions drawn about security and privacy implementation during our Open Digital Lab realisations of ODA Components and their environment. It is also incorporating relevant industry best practices into an ODA security implementation guide.
To find out more about TM Forum’s security and privacy governance work, please browse through the contents and resources in this section. If you (as a TM Forum member) would like to contribute please join the End-to-end ODA project (details below).
| Resource Name | Document version | Document type | Team Approved Date | Download |
|---|---|---|---|---|
| 2.0.0 | Exploratory Report | 1 Oct 2021 | ||
| 1.0.0 | Exploratory Report | 2 Oct 2020 | ||
| 1.0.1 | Exploratory Report | 17 Jun 2019 |
Collaboration Projects
End-to-end ODA project
Be a part of the team that captures the 'voice of the member' to ensure that ODA assets from different teams converge, join-up, and are useable.
Contributing companies and project leaders
End-to-end ODA project
Be a part of the team that captures the 'voice of the member' to ensure that ODA assets from different teams converge, join-up, and are useable.
Contributing companies and project leaders
End-to-end ODA project
Be a part of the team that captures the 'voice of the member' to ensure that ODA assets from different teams converge, join-up, and are useable.
Contributing companies and project leaders
End-to-end ODA project
Be a part of the team that captures the 'voice of the member' to ensure that ODA assets from different teams converge, join-up, and are useable.
Contributing companies and project leaders
End-to-end ODA project
Be a part of the team that captures the 'voice of the member' to ensure that ODA assets from different teams converge, join-up, and are useable.
Contributing companies and project leaders
End-to-end ODA project
Be a part of the team that captures the 'voice of the member' to ensure that ODA assets from different teams converge, join-up, and are useable.
Contributing companies and project leaders
