Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "EGI-InSPIRE:Plan 2012 SA1.2"

From EGIWiki
Jump to navigation Jump to search
Line 50: Line 50:


* Improve RT usage and internal procedures for resolution of issues
* Improve RT usage and internal procedures for resolution of issues


==Coordination EUGridPMA==
==Coordination EUGridPMA==

Revision as of 18:02, 13 December 2011

Assessment of progress, 2011

Completed Activities

  • EGI Security Incident Handling Procedure update, available at DocDB here
  • EGI Software Vulnerability Issue Handling Procedure update, available at DocDB here
  • New EGI CSIRT Critical Vulnerability Operational Procedure, available at DocDB here
  • Milestone MS412 - Operational Security Procedures, availabe at DocDB here
  • Plan of Vulnerability Assessment of Grid Middleware used in the EGI infrastructure was produced jointly with EMI, availabe at DocDB here
  • EGI CSIRT/SVG internal detailed procedure for handling critical software vulnerabilities available at EGI private wiki (update is needed as RT was replaced by RTIR)
  • A ticketing system for incident response - RTIR was put into production
  • Security Service challenge 5 EGI run was completed in June 2011, in total 40 EGI sites participated
  • Security dashboard initial release in Q3 of 2011, feedback and further requirement was solicited from NGI security officers. An improved version will be released in Q1 of 2012 (see 2012 plan)
  • Two security training sessions were organized at EGITF 2011. The training was very well received.
  • In 2011, EGI CSIRT organized monthly team meeting and from May 2011, SVG also organized monthly meeting; In 2011, CSIRT organized two face to face meetings and SVG organized one face to face meeting; EGI CSIRT also has weekly operation meeting each Monday morning.
  • As of 28th Nov 2011, totally 28 vulnerabilities were reported

Ongoing Activities

SSC5 regional NGI runs (see 2012 plan below)

Still some improvements need to be made to the use of the RT tracker for vulnerability handling.

D4.4 EGI Security Assessment, Linda Cornwall is the leading author

Plans for 2012

Activities Cross Security Teams

A security Assessment, as described in D4.4 is planned for the early months of 2012, led and coordinated by Linda Cornwall

EGI CSIRT Activities

EGI SVG Activities

  • Revise Vulnerability Issue handing document
  • Continue Vulnerability issue handling
  • Improve RT usage and internal procedures for resolution of issues

Coordination EUGridPMA