Security management - Keeping out the bad guys
The TM Forum is learning from its work in the area of defence to outline an approach to security within the cyber community
CICyber security is arguably one of the greatest concerns for companies around the world and an area where big chunks of enterprise budgets are allotted in order to keep sensitive data and other corporate assets safe and sound.
Security management may be top of mind for IT managers and CIOs everywhere, but today the most common way of addressing the threats out there is through highly customised solutions that are specific to a particular company.
While there are plenty of off-the-shelf security solutions on the market many enterprises will use those products in a custom fashion that's geared to their requirements, and often this comes at great expense and effort to their IT department.
There is no doubt that the need to secure cyberspace is practically a mandate at most type of companies; government, private corporations and other enterprises are looking for a safe and reliable environment for their information transactions, and service providers, application developers and solution integrators are realising that they need to take it upon themselves to implement best practices in all aspects of network and data security.
TM Forum may not come to mind immediately when you think about enterprise security, but because our Solution Frameworks and other standards are so widely used at companies around the world, we have jumped into the fray.
Learning from Defence
In 2008, TM Forum launched a Defence Interest Group to acknowledge the fact that defence and military agencies and contractors had been embracing and adopting TM Forum standards such as our Solution Frameworks. The group was formed in order to create a community of interest focused on exploring new areas of standardisation as well as enriching existing TM Forum standards for the defence industry.
Charter members of the group included the U.S. Department of Defense (Defense Information Systems Agency (DISA), and the NATO C3 Agency, and assorted defence contractors and suppliers such as Boeing, Thales Communications, TNO, QinetiQ Ltd., EADS, Logica and more.
Just a few months later the group was promoted to a Sector within TM Forum.
We have a number of defence contractors and related agencies active in TM Forum, which was the impetus of the formation of the Government and Defense Initiatives within our organization, but I really believe there is a huge opportunity for a much larger collaborative effort with regard to security management.
So far, the U.S. DoD has been driving our work in this respect, but because this area is also of great interest in Europe and other parts of the world, we're looking to attract a broader group of members and non-members to learn about TM Forum, understand the applicability of TM Forum best practices and standards as related to defense and most importantly get involved in our work.
Security Management Initiative
With that in mind, earlier this year we launched the Security Management Initiative within our Collaboration Program. While it's being spearheaded by our defence members, the work that will come out of the initiative will have much broader relevance across industries.
The ultimate goal is a product that has some kind of certification or seal of compliance around security. But as you can imagine, it will take a number of smaller steps to reach this end point.
The team has completed a draft whitepaper that will outline our approach to security management and all the areas within TM Forum's Frameworks that have the potential of being impacted by security management or should have security management incorporated.
The second step is our project plan that will lay out exactly when the work will be completed. The end result is to incorporate this work into our Solution Frameworks, and beyond the whitepaper and timeline, we'll also be relying on contributions from within our membership and from outside.
We're looking for anything that will help us reduce the amount of time and effort that it would normally take to complete this work, so we are taking the best of breed that exists today rather than reinventing the wheel by starting from scratch.
Cyber security is a very critical area for companies of all sizes and across all industries. It's an ongoing threat that's not going away, and we hope through our aggressive efforts and work we'll be able to keep the threats at bay.
About the author:
Christy Coffey is Head of Cable Sector and Defense Sector, TM Forum
Share this article with others
Post to del.icio.us
Printed from http://www.eurocomms.com/features/113527/Security_management_-_Keeping_out_the_bad_guys.html
Comment on this article
Skip to comments
We encourage users to analyse, comment on and even challenge European Communications's articles, including the one above - 'Security management - Keeping out the bad guys'
User reviews and comments that include profanity or personal attacks or other inappropriate comments or material will be removed from the site.
Additionally, entries that are unsigned or contain "signatures" by someone other than the actual author will be removed. We will take steps to block users who violate any of our posting standards, terms of use or privacy policies or any other policies governing this site.