EGI-InSPIRE:Plan 2012 SA1.2

From EGIWiki
Revision as of 19:02, 13 December 2011 by Mingchao (talk | contribs)
Jump to: navigation, search

Assessment of progress, 2011

Completed Activities

  • EGI Security Incident Handling Procedure update, available at DocDB here
  • EGI Software Vulnerability Issue Handling Procedure update, available at DocDB here
  • New EGI CSIRT Critical Vulnerability Operational Procedure, available at DocDB here
  • Milestone MS412 - Operational Security Procedures, availabe at DocDB here
  • Plan of Vulnerability Assessment of Grid Middleware used in the EGI infrastructure was produced jointly with EMI, availabe at DocDB here
  • EGI CSIRT/SVG internal detailed procedure for handling critical software vulnerabilities available at EGI private wiki (update is needed as RT was replaced by RTIR)
  • A ticketing system for incident response - RTIR was put into production
  • Security Service challenge 5 EGI run was completed in June 2011, in total 40 EGI sites participated
  • Security dashboard initial release in Q3 of 2011, feedback and further requirement was solicited from NGI security officers. An improved version will be released in Q1 of 2012 (see 2012 plan)
  • Two security training sessions were organized at EGITF 2011. The training was very well received.
  • In 2011, EGI CSIRT organized monthly team meeting and from May 2011, SVG also organized monthly meeting; In 2011, CSIRT organized two face to face meetings and SVG organized one face to face meeting; EGI CSIRT also has weekly operation meeting each Monday morning.
  • As of 28th Nov 2011, totally 28 vulnerabilities were reported

Ongoing Activities

SSC5 regional NGI runs (see 2012 plan below)

Still some improvements need to be made to the use of the RT tracker for vulnerability handling.

D4.4 EGI Security Assessment, Linda Cornwall is the leading author

Plans for 2012

Activities Cross Security Teams

A security Assessment, as described in D4.4 is planned for the early months of 2012, led and coordinated by Linda Cornwall

EGI CSIRT Activities

EGI SVG Activities

  • Revise Vulnerability Issue handing document
  • Continue Vulnerability issue handling
  • Improve RT usage and internal procedures for resolution of issues

Coordination EUGridPMA