Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "EGI-InSPIRE:SA1.2-QR8"

From EGIWiki
Jump to navigation Jump to search
(Created page with "= 1. Task Meetings = <!-- Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings...")
 
Line 52: Line 52:
Note. This is a detailed account of progress over the previous quarter of activities within  the  task.  
Note. This is a detailed account of progress over the previous quarter of activities within  the  task.  
-->  
-->  
SA1.2 2012 roadmap was discussed and agreed [https://wiki.egi.eu/wiki/Plan_2012_SA1.2 roadmap] is now online. The second release of security dashboard was made avaliable before Christmas of 2011. Some important improvement has been made. The improvement of security dashboard continues and it is expected to be in full production by end of Q1 of 2012. The the development of security challenge framework continue. The SSC5 NGI run is expected to start in the Q1 of 2012. The next CSIRT 2 days face to face meeting will be held at CNAF in Bologna, Italy.
SVG has improved co-ordination of fixing of issues and release of advisories, with EMI and EGI DMSU,  to ensure advisories issued when software is released, this has made significant progress. SVG received the report on the Vulnerability Assessment of VOMS core from EMI.
EGI delivery D4.4 was completed and went to the external reviewers on 2nd January 2012. Comments from the reviewers received on 14th January. These have been addressed and the document has been finalized.
In this quarter, CSIRT has issued two security alerts, one is critical and one is high risk and handled 3 security incidents; SVG has handled 11 reported vulnerabilities and issued 4 advisories.




Line 77: Line 69:


= 4. Plans for the next period = <!-- provide your text below -->
= 4. Plans for the next period = <!-- provide your text below -->
CSIRT will continue working with security dashboard developers. The security dashboard will be in full production by end of Q1 of 2012. Domain name of CSIRT Nagios box will be migrated from current srv-102.afroditi.hellasgrid.gr into *.egi.eu domain, no service interruption is expected. SSC5 regional run in NGIs, to pilot at least one NGI run in Q1 of 2012, and assist NGI security officers for their regional runs after the initial pilot.
SVG will continue issue handling and improving usage of the EGI RT tracker to allow better reporting, including metrics. Discussion and plans on what should be done to assess new software, e.g. software from providers with which EGI is forming a relationship. EMI starting on Security Vulnerability Assessment of WMS.
The chair of SVG will co-ordinate the EGI Security Threat Risk Assessment described in D4.4.

Revision as of 16:19, 27 April 2012

1. Task Meetings

Date (dd/mm/yyyy) Url Indico Agenda Title Outcome
23-24/04/2012 https://www.egi.eu/indico/conferenceDisplay.py?confId=812 EGI CSIRT face to face meeting activities review and plan
20/04/2012 https://www.egi.eu/indico/conferenceDisplay.py?confId=1018 The EGI Security Assessment Group - ratings discussion Discuss EGI security assessment document
22/03/2012 https://www.egi.eu/indico/conferenceDisplay.py?confId=962 EGI CSIRT team Monthly meeting Review previous month activities and plan for the coming month
23/03/20112 https://www.egi.eu/indico/conferenceDisplay.py?confId=959 EGI SVG Monthly meeting Review previous month activities and plan for the coming month
23/02/2012 https://www.egi.eu/indico/conferenceDisplay.py?confId=826 EGI CSIRT team monthly meeting Review previous month activities and plan for the coming month
16/02/2012 https://www.egi.eu/indico/conferenceDisplay.py?confId=822 EGI SVG Monthly meeting Review previous month activities and plan for the coming month
15/02/2012 https://www.egi.eu/indico/conferenceDisplay.py?confId=816 The EGI Security Threat Risk Assessment kickoff meeting EGI risk assessment

EGI CSIRT also has a weekly operation meeting on EVO. The minutes is recorded in EGI CSIRT private wiki (not publicly accessable)

2. Main Achievements

3. Issues and Mitigation

Issue Description Mitigation Description

4. Plans for the next period