WISE 2016 WISE a global trust community where
WISE 2016 WISE: a global trust community where security experts share information and work together, creating collaboration among different einfrastructures Nicole Harris / Alf Moens
Introduction to WISE • Why WISE? • Participating in WISE • WISE working groups 2016 • Past and future events
Why WISE? Use of the high-end e-infrastructures is still growing Collaboration is a key asset of the e-infrastructures A growing number of users are involved with multiple e-infrastructures Security Incident Response is professionally covered with intensive collaboration within an e-Infrastructure • Trust amongst infrastructures needs more: WISE will build a trust framework based on international standards • •
Participants in WISE • WISE is for the e-infrastructures, globally, both networking and superand gridcomputing infrastructures. • WISE was initiated by Géant SIG-ISM and SCI • SIG-ISM: Information Security Management • SCI: Security for Collaboration among Infrastructures • “Launching” e-infrastructures: • • Géant (European Research and education networks) EGI (European Grid Infratsructure) EUDAT (research data services) PRACE (High Performance Computing) • Participating communities • NRENs, HEP/CERN, the Human Brain Project, XSEDE, NCSA, CTSC
Working program 2016 – 5 topics • • • Updating the SCI-framework Security Training and Awareness Risk Assessment Security Review and Audit Security in Big and Open Data
SCIV 2: the SCI framework • The SCI group has alrweady defined best practices, trust and policy standards for collaboration with the aim of managing cross-infrastructure operational security risks. Through this work the aim has been to establish a common understanding of the security measures each infrastructure has implemented and to start work on guidelines for interoperation such as the exchange of information during security incident handling. • It is clear that a wider range of stakeholders needs to be involved, specifically the NRENs, and that we need to address any conflicts for new participants that are present in the first version • This working group of WISE will work towards version 2 of the SCI document • Chair: Dave Kelsey (STFC)
STAA: Security Training and Awareness • The WISE community we recognise that there is a broad need for security training and for awaress materials • We also see there is a lot of material available • This working grouop will: • • • Identify 5 to 10 most relevant training topics for the coming 3 years collect good training practices; collect information about relevant existing trainings by the infrastructures; map out the need for organising joint training events on specific topics; map out the need for developing trainings; set up a basic training and awareness programme for organisations in the WISE community, identifying which trainings are needed. • Chair: Alf Moens (SURFnet)
RAW: Risk Assessment • Large e-infrastructures are vulnerable to high-impact security incidents because of the relatively easy way that an incident may spread among partner organisations due to the collaborative services that exist among them. So it is important that each member organisation has a trusted level of implemented security procedures. • This working group has the objective to provide e-infrastructures, and their member organisations, with guidelines on how risk assessments can be effectively implemented. As input, experience from member organisations will be used. • Chair: Jules Wolfrat (SURFsara, PRACE)
SRA: Security Review and Audit • Information security is known to be a complex and constantly evolving, with several subdomains and approaches. It is often non-trivial to reliably identify the current state of information security within an organisation or related to a technology. • A proven method to obtain objective and comprehensive information about the current state of information security is to perform security reviews and security audits. • The main activities for SRA-WG are to: • follow and contribute to the development of security audits and reviews among the constituents; • share related best practices for implementations; • promote related research and disseminate findings of reviews; • contribute to the development of security standards and frameworks; • promote peer reviews. • Chair: Urpo Kaila (CSC, EUDAT)
SBOD: Security in Big and Open Data • The Security in Big and Open Data (SBOD) working group focuses on security issues that arise when dealing with big and open data especially within the e-infrastructures. Security issues in this context concentrate on confidentiality, integrity and availability. Confidentiality regulates access to the information, integrity assures that the information is trustworthy, i. e. has not been changed without authorisation, and availability guarantees access to the information by authorised people at any time. • SBOD intends to focus on high level security issues. Issues only specific / pertaining to CSIRTs (computer security incident response teams) are out of the scope of this working group. • Chair: Alessandra Scicchitano (GÉANT)
Participate in WISE • Interested in any of the working group subjects? • Contact the workgoup chair and let’s work together • Subscribe to the workgroup mailinglist on the WISE website • www. wise-community. org
1 st WISE workshop in Barcelona, oktober 2015, 49 participants 2 nd workshop (probable) in July 2016 during XSEDE conference in Miami
- Slides: 12