Difference between revisions of "EGI CSIRT:Policies"
Line 8: | Line 8: | ||
For more details on this EGI procedure, here are some useful links: | For more details on this EGI procedure, here are some useful links: | ||
Incident reporting wiki page: [[https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting]]. | Incident reporting wiki page: [[https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting]]. | ||
[[Forensic Howto]] page . | [[Forensic Howto]] page. | ||
Site Incident Response checklist at [[https://wiki.egi.eu/wiki/File:Site_Checklist.pdf]]. | Site Incident Response checklist at [[https://wiki.egi.eu/wiki/File:Site_Checklist.pdf]]. | ||
Line 20: | Line 20: | ||
<!--- [https://wiki.egi.eu/wiki/EGI_CSIRT:Op-notices/proxy-lifetime-02-11-2007 Operation Notice - Proxy Lifetime Limit] --> | <!--- [https://wiki.egi.eu/wiki/EGI_CSIRT:Op-notices/proxy-lifetime-02-11-2007 Operation Notice - Proxy Lifetime Limit] --> | ||
== EGI Operational Security Notices == | == EGI Operational Security Notices == | ||
[https://wiki.egi.eu/wiki/EGI_CSIRT:Operational_notices Operational notices] based on [[EGI_CSIRT:Policies|approved JSPG policies]] or decisions made during [http://indico.cern.ch/categoryDisplay.py?categId=3l181 GDB meetings]. | [https://wiki.egi.eu/wiki/EGI_CSIRT:Operational_notices Operational notices] based on [[EGI_CSIRT:Policies|approved JSPG policies]] or decisions made during [http://indico.cern.ch/categoryDisplay.py?categId=3l181 GDB meetings]. |
Revision as of 10:09, 13 February 2013
EGI-CSIRT web site | EGI-CSIRT Public wiki | EGI-CSIRT Contacts | EGI-CSIRT Activities | EGI-CSIRT Private wiki |
EGI Operational Security Procedures
- Security Incident Handling Procedure, defined by EGI CSIRT. The document has been approved by EGI OMB and PMB . Also there is a Site Incident Response checklist [[1]] and an Incident Response Flowchart [[2]]. The "Security Incident Handling Procedure" define site and incident coordinator responsibilities when handling Grid-related security incident. ALL EGI sites are required to follow the new procedure to report and handle Grid-related security incident. We strongly encourage our security contacts and system administrators to have a printing copy of this procedure. For more details on this EGI procedure, here are some useful links:
Incident reporting wiki page: [[3]]. Forensic Howto page. Site Incident Response checklist at [[4]].
- Vulnerability Issue Handling Procedure, defined by EGI SVG. The document has been approved by EGI OMB and PMB. The "Software Vulnerability Issue Handling Process" describes the process used to report and resolve Grid Software vulnerabilities in the EGI Inspire project. It describes the responsibilities of various people within the SVG, the EGI InSPIRE project and in the communities providing software distributed in the EGI Unified Middleware Distribution and how the various groups interact with this process. For more details you can browse the wiki page.
- EGI Critical Vulnerability Handling Procedure . The "EGI Critical Vulnerability Handling Procedure" defines the procedure for dealing with Critical Security Issues where action needs to be taken by a single site or multiple sites.
All operational procedures can be found at: https://wiki.egi.eu/wiki/Operational_Procedures
EGI Operational Security Notices
Operational notices based on approved JSPG policies or decisions made during GDB meetings.
EGI Security Policies
For all up to date EGI security policies, please refer to the EGI Security Policy Group wiki page.