Difference between revisions of "EGI CSIRT:Main Page"
Line 24: | Line 24: | ||
* Follow: '''[[EGI_CSIRT:Incident_reporting|Incident Response Procedure]]''' | * Follow: '''[[EGI_CSIRT:Incident_reporting|Incident Response Procedure]]''' | ||
*What is an [[Incident]] ? | * What is an [[Incident]] ? | ||
=== '''Incident Containment''' === | === '''Incident Containment''' === |
Revision as of 17:23, 19 June 2018
EGI-CSIRT web site | EGI-CSIRT Public wiki | EGI-CSIRT Contacts | EGI-CSIRT Activities | EGI-CSIRT Private wiki |
EGI CSIRT Mission
The EGI CSIRT covers all aspects of operational security aimed at achieving a secure infrastructure within EGI and relies on ResourceCenter and NGI security contact information maintained in the GOCDB by each NGI. The EGI CSIRT ensures both the coordination with peer grids and with the NGIs and NREN CSIRTs. The EGI CSIRT acts as a forum to combine efforts and resources from the NGIs in different areas, including Infrastructure wide security monitoring, Security training and dissemination, and improvements in responses to incidents (e.g. security drills). Each NGI will appoint an NGI Security Officer in order to provide the NGI CSIRT function. The resulting group of NGI Security Officers collaborate as part of the EGI CSIRT.
The EGI CSIRT is led and coordinated by the EGI Security Officer, whose role and mission are defined by security policies approved by EGI and the NGIs.
EGI CSIRT Term of Reference (ToR)
Contacts
Incident Response
Incident Response Task Force (IRTF)
https://wiki.egi.eu/wiki/EGI_CSIRT:IRTF
Incident Response in virtualized environments
- Information addressing IR particularities in cloud/virtualized environments.
Communications: How To Report a Security Incident
- Follow: Incident Response Procedure
- What is an Incident ?
Incident Containment
- Contact Security Policy Group (SPG) / Security Vulnerability Group (SVG)
- EGI CSIRT is a Certified Member of Trusted Introducer -->
Forensics
EGI CSIRT Operation Policies and Procedures
Operational Procedures approved by the OMB and PMB of interest for sites and users.
ALL EGI sites are required to follow these procedures in order to report and handle Grid-related security incident. We strongly encourage all the security contacts and system administrators to have a printed copy of all of them.
EGI CSIRT is involved in the Resource Centre Registration and Certification process. To pass the #7 step of the process the site must fulfill the EGI security certification requirements.
Central-emergency-suspension
EGI Central emergency suspension wiki
EGI Advisories and Alerts
Security alerts and/or security advisories are sent to all EGI site security contacts or NGI security officers by EGI CSIRT or the EGI Software Vulnerability Group (SVG) using either an EGI broadcasting tool or a pre-established mailing list. They are listed on SVG Advisories page when they are public. They may cover a wide range of software, including but not limited to the EGI middleware.
Prior to November 2015 alerts associated with more general software such as operating systems, as opposed to grid middleware, were placed on a separate CSIRT Alerts page
EGI CSIRT Members
You can find contact information of the team members here