Difference between revisions of "EGI-InSPIRE:Plan 2012 SA1.2"
Jump to navigation
Jump to search
Line 36: | Line 36: | ||
= Plans for 2012 = | = Plans for 2012 = | ||
==Activities Cross Security Teams== | |||
A security Assessment, as described in D4.4 is planned for the early months of 2012, led and coordinated by Linda Cornwall | A security Assessment, as described in D4.4 is planned for the early months of 2012, led and coordinated by Linda Cornwall |
Revision as of 17:27, 13 December 2011
Assessment of progress, 2011
Completed Activities
- EGI Security Incident Handling Procedure update, available at DocDB here
- EGI Software Vulnerability Issue Handling Procedure update, available at DocDB here
- New EGI CSIRT Critical Vulnerability Operational Procedure, available at DocDB here
- Milestone MS412 - Operational Security Procedures, availabe at DocDB here
- Plan of Vulnerability Assessment of Grid Middleware used in the EGI infrastructure was produced jointly with EMI, availabe at DocDB here
- EGI CSIRT/SVG internal detailed procedure for handling critical software vulnerabilities available at EGI private wiki (update is needed as RT was replaced by RTIR)
- A ticketing system for incident response - RTIR was put into production
- Security Service challenge 5 EGI run was completed in June 2011, in total 40 EGI sites participated
- Security dashboard initial release in Q3 of 2011, feedback and further requirement was solicited from NGI security officers. An improved version will be released in Q1 of 2012 (see 2012 plan)
- Two security training sessions were organized at EGITF 2011. The training was very well received.
- In 2011, EGI CSIRT organized monthly team meeting and from May 2011, SVG also organized monthly meeting; In 2011, CSIRT organized two face to face meetings and SVG organized one face to face meeting; EGI CSIRT also has weekly operation meeting each Monday morning.
- As of 28th Nov 2011, totally 28 vulnerabilities were reported
Ongoing Activities
SSC5 regional NGI runs (see 2012 plan below)
Still some improvements need to be made to the use of the RT tracker for vulnerability handling.
D4.4 EGI Security Assessment, Linda Cornwall is the leading author
Plans for 2012
Activities Cross Security Teams
A security Assessment, as described in D4.4 is planned for the early months of 2012, led and coordinated by Linda Cornwall
EGI CSIRT Activities
EGI SVG Activities
- Revise Vulnerability Issue handing document
- Continue Vulnerability issue handling
- Improve RT usage and internal procedures for resolution of issues