Notes

This is a space for keeping and discussing notes on the development on MIM6 - Security Management.

Meeting Notes

Working Group Meeting #5 (26 September 2024)

  • The (interim; awaiting formal approval) Champion of MIM6 is Södertälje Municipality. Welcome!

  • Working Group meetings will now be taking place on every fourth Thursday each month, lasting 90 minutes from 13:00-14:30 CE(S)T

  • A suggested new MIMs framework was presented. Discussion on it are ongoing. For MIM6, nothing will initially change

  • The immediate focus for the Working Group is to outline and establish Capabilities before outlining Requirements

  • Additional volunteers are welcome to start working on the MIM's Interoperability Guidance (which can cover a broad range of topics, e.g. infrastructure, implementation, procurement, required skills)

Working Group Meeting #4 (15 May 2024)

  • Agreement on the the MIM6 objective for MIMs 2024/MIMs Plus v7

  • Agreement that "risk assessment is a tool, not an objective" (and thus is not part of this version of the objectives)

  • Work started on discussing Capabilities. The following are early suggestions inspired by MIM1. The comments aim to reflect the thoughts of the audience during the meeting.

    • C1: Applications are able to securely access data from different sources (such as cities, communities and vertical solutions).

    • C2: Applications are able to use both current and historical data, use geospatial querying and be automatically updated when the source data changes. (Comment: Not relevant?)

    • C3: Applications can discover and retrieve data relevant to their context from a variety of sources Covered by C1? (Comment: Covered by C1?)

    • C4: Applications can retrieve a subset of data from a larger data set To detailed for MIM6? (Comment: Too detailed for MIM6?)

Working Group Meeting #3 (11 April 2024)

  • Ongoing work on defining the objective

Working Group Meeting #2 (15 March 2024)

Are the following aspects in scope?

  • Things and southbound APIs

    • Physical device security

    • The sending to and from data sources (databses, data platforms, devices)

    • Provisioning a data source: control plane interoperability (identity management and authorisation)

  • IoT/Data platform

    • Communication between modules

    • Sending of data to northbound APIs

  • Northbound APIs and marketplace enablers

    • Sharing of data

    • Connection to data spaces

    • Identification, authorisation, and monetarisation of services

  • Focus on the data platform itself or also on central/external security systems?

Working Group Meeting #1 (15 February 2024)

  • Establishment of the MIM6 Working Group

  • Meetings to be held on a monthly basis where possible

  • Immediate goal: define an objective by early June 2024 for MIMs 2024/MIMs Plus v7

    • Prior suggestion for objectives:

      • To develop a methodology to help identify security-related risks and choose the right measures to protect systems and data.

      • To provide cities with a framework for governance, risk management and control in the area of cybersecurity, along with a baseline of cybersecurity measures addressing the identified risks and providing a methodology for conducting regular maturity assessments.

Last updated