Production versionIG1187 ODA Enterprise Risk Assessment v2.0.0
- Maturity level: Level 4 - Forum Approved
Created By: End to End ODA Project
The purpose of this document is two fold:
- To present a high-level assessment of the security and privacy risks that have to be considered when implementing elements of the TMF Open Digital Architecture (ODA) ecosystem.
- To provide guidance and a place to start for the detailed risk assessment required to implement and deploy ODA components.
An enterprise risk assessment is an absolute necessity prior to implementation and deployment of any aspect of the ODA. The threat landscape and the regulatory environment such as the European General Data Protection Regulation (GDPR) do not allow treating risks for security and privacy as secondary requirements.
The assessment can positively affect the likelihood and consequences of risks materializing, as well as deliver benefits related to better informed design, implementation and operations decisions for the ODA.
Benefits accrued to enterprises following an enterprise risk management model include reduced cost of investment, more accurate business reporting, competitive advantage, improved perception of the organization, better marketplace presence and, in the case of digital business ecosystems, a healthy business community.
The primary audience for this document are ODA architects, designers and security experts.
The intention of this write-up is to provide a place to start when doing the detailed risk assessment and mitigation planning for a concrete implementation.
This document therefore does not remove the need for such detailed threat assessments. But it should deliver a list of considerations that should allow streamlining and shorten such efforts.
General Information