Chris Stock is the Director of Security and Privacy Management Programs at TM Forum.
The Big Picture
As both the consumer and commercial worlds embrace all things digital, the complexity of integrating and managing digital services will only grow. New services are created every day through a complex value chain of partners.
This results in growing challenges in delivering customer satisfaction and long-term success with new requirements for end-to-end manageability, scalability, efficiency and most critically security and privacy.
The Task at Hand
Our goal is to enable an open digital ecosystem where new services can be delivered quickly, easily and securely using a wide range of business models and partners.
The primary aim of TM Forum’s Security and Privacy Program is to bring security and privacy to the forefront of organizational thinking with an initial focus on underpinning current Forum projects in the areas of Agile Business & IT, Open Digital Ecosystem, and Customer Engagement.
Transform to a digital business safe in the knowledge that security and privacy have been addressed through:
- Understanding the threat, potential impact and what you can do about it
- Guidance on what constitutes a basic and recognized security policy and how to implement it
- Ability to recognize the security and privacy implications of ever-increasing interconnectivity
- Guidance on best practices for ensuring security and privacy across extended value chains
- An approach to securing virtual services
- Extending the threat horizon and warning time through threat intelligence sharing
- Provision of updates, advice and comments on national and international directives legislation pertaining to cybersecurity and privacy.
Forum contribution and value
TM Forum is the ideal place to collaboratively develop security and privacy best practices and guidance needed to enable a secure digital ecosystem. To be effective, security requires collaboration to engender trust. The key is that the security and privacy best practices developed collaboratively are credible and seen as relevant now and in the future – the diverse range of expertise the Forum’s large membership ensures this is the case.
Supporting our members
Get a complete overview on how to manage privacy – addressing individual’s (data subject) wishes, the aims of the data collecting organization (data controller) and any relevant legislation.
This 2015 edition of the TM Forum Fraud Survey assesses how Fraud Management practice is being implemented. It received a total of 51 responses from Communications Service Providers from all around the world. Also includes updated Fraud Management Maturity Model.
The Privacy Management APIs are core to the creation of a trusted ecosystem where parties share common code of conduct and rules regarding Data management, and consequently Data Privacy. The Privacy Management API provides standardized mechanism for privacy profile types, privacy profiles and privacy agreements such as the creation, update, retrieval, deletion and notification of events.
Questions to ask to objectively evaluate a service offering or small supply chain in terms of privacy.
The TM Forum Service Privacy Score v1.0 is designed to simultaneously educate the consumer on Privacy as well as give them the ability to identify the right questions to ask to objectively evaluate a service offering or small supply chain. This places the consumer in more informed control of their informed consent.
Definition of dashboard metrics, sample data and a prototype dashboard that communicates cybersecurity readiness for C-Level management.
Examines every aspect of sharing threat intelligence: the winners and losers, problems associated with sharing, standards that provide support, as well as architecture proposals.
Defines Patch Management KPIs that can be instrumented systematically, encourage good behavior (process improvement), and are implementable across a supply industrial base.
A security model – consisting of process workflow and operational states – that provides a foundation for shared terminology and understanding of concepts.
This report is organized around three use cases in which security management processes play a key role.
In this emerging digital world, organizations, people, devices and information are increasingly interlinked and interdependent. Establishing and ensuring trust and security across the digital domain is a critical issue for every player in the ecosystem. This applies to enterprises engaged in sectors as diverse as communications, finance, healthcare, utilities, public service and machine to machine/Internet of Things.
This report will help you to understand more about the evolving threats to privacy and security, as well as some of the potential results of compromised security, and gain an understanding of cyber-defense measures and practical ways to implement them.