The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "EGI CSIRT:Policies"

From EGIWiki
(39 intermediate revisions by 6 users not shown)
Line 1: Line 1:
{{Egi-csirt-header}}
<!--{{Egi-csirt-header}}-->
==EGI Security Policies==
{{New-Egi-csirt-header}}  
 
== EGI Operational Security Procedures==
 
- [https://documents.egi.eu/document/710 Security Incident Handling Procedure], defined by EGI CSIRT. The document has been approved by EGI OMB and PMB . Also there is a Site Incident Response checklist [[https://wiki.egi.eu/wiki/File:Site_Checklist.pdf]] and an Incident Response Flowchart [[https://wiki.egi.eu/w/images/b/b4/Flowchart.pdf]].
The "Security Incident Handling Procedure" define site and incident coordinator responsibilities when handling Grid-related security incident. ALL EGI sites are required to follow the new procedure to report and handle Grid-related security incident. We strongly encourage our security contacts and system administrators to have a printing copy of this procedure.
For more details on this EGI procedure, here are some useful links:
      Incident reporting wiki page: [[https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting]].
      [[Forensic Howto]] page.
      Site Incident Response checklist at [[https://wiki.egi.eu/wiki/File:Site_Checklist.pdf]].


The policy documents produced by the former [http://www.jspg.org JSPG] are '''valid since 1st May for the EGI partners'''. They are in the process of being imported into new documents template. For all up to dated EGI security policies, please refer to the [https://wiki.egi.eu/wiki/SPG EGI Security Policy Group] wiki page.
- [https://documents.egi.eu/document/717 Vulnerability Issue Handling Procedure], defined by EGI SVG. The document has been approved by EGI OMB and PMB.
The "Software Vulnerability Issue Handling Process" describes the process used to report and resolve Grid Software vulnerabilities in the EGI Inspire project. It describes the responsibilities of various people within the SVG, the EGI InSPIRE project and in the communities providing software distributed in the EGI Unified Middleware Distribution and how the various groups interact with this process. For more details you can browse the [https://wiki.egi.eu/wiki/SVG#What_to_do_if_you_find_a_Software_Vulnerability_in_the_EGI_infrastructure wiki page].  


==EGI Operational Security Procedures==
- [https://documents.egi.eu/document/283 EGI Critical Vulnerability Handling Procedure ].
The  "EGI Critical Vulnerability Handling Procedure" defines the procedure for dealing with Critical Security Issues where action needs to be taken by a single site or multiple sites.
All operational procedures can be found at: https://wiki.egi.eu/wiki/Operational_Procedures


Two EGI operational security procedures have been approved by EGI OMB and
<!--- [https://wiki.egi.eu/wiki/EGI_CSIRT:Op-notices/proxy-lifetime-02-11-2007 Operation Notice - Proxy Lifetime Limit] -->
PMB and now are released to public.  


They are:
== EGI Operational Security Notices ==
[https://wiki.egi.eu/wiki/EGI_CSIRT:Operational_notices Operational notices] based on [[EGI_CSIRT:Policies|approved JSPG policies]] or decisions made during [http://indico.cern.ch/categoryDisplay.py?categId=3l181 GDB meetings].


- Security Incident Handling Procedure
==EGI Security Policies==
(https://documents.egi.eu/public/RetrieveFile?docid=47&version=11&filename=E
GI-MS405-IRTF-47-V12.pdf), defined by EGI CSIRT
- Vulnerability Issue Handling Procedure
(https://documents.egi.eu/public/RetrieveFile?docid=47&version=11&filename=E
GI-MS405-SVG-47-V12.pdf), defined by EGI SVG


The "Security Incident Handling Procedure" define site and incident
For all up to date EGI security policies, please refer to the [https://wiki.egi.eu/wiki/SPG EGI Security Policy Group] wiki page and there in particular to [https://wiki.egi.eu/wiki/SPG:Documents EGI Approved Security Policies].
coordinator responsibilities when handling Grid-related security incident.
ALL EGI sites are required to follow the new procedure to report and handle
Grid-related security incident. We strongly encourage our security contacts
and system administrators to have a printing copy of this procedure.  
For more details you can browse the wiki page https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting.


The "Software Vulnerability Issue Handling Process" describes the process used to report and resolve Grid Software vulnerabilities in the EGI Inspire project. It describes the responsibilities of various people within the SVG, the EGI InSPIRE project and in the communities providing software
==EGI CSIRT Information Disclosure Policy==
distributed in the EGI Unified Middleware Distribution and how the various
groups interact with this process.
For more details you can browse the wiki page https://wiki.egi.eu/wiki/SVG#What_to_do_if_you_find_a_Software_Vulnerability_in_the_EGI_infrastructure .


  The permanent link to the two documents can be found at [https://documents.egi.eu/document/47] .
[[EGI CSIRT Information Disclosure Policy (draft)]]
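Review bot: the checklist, flowchart and incident-reporting links in the first procedure item wrap an external URL in double square brackets ("[[https://wiki.egi.eu/wiki/File:Site_Checklist.pdf]]"), which is the internal-link syntax and leaves the reader with an unlabelled numbered link. Use the single-bracket labelled form already used on the same line for the document itself, as in "[https://documents.egi.eu/document/710 Security Incident Handling Procedure]". The Site Incident Response checklist is also linked twice within that item, once in the opening sentence and once in the "useful links" list, so one of the two can go. While the paragraph is being touched, "define" should read "defines", "security incident" should be plural in both sentences, and "printing copy" should read "printed copy".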

Latest revision as of 09:58, 14 November 2013



EGI Operational Security Procedures

- Security Incident Handling Procedure (https://documents.egi.eu/document/710), defined by EGI CSIRT. The document has been approved by EGI OMB and PMB. There is also a Site Incident Response checklist (https://wiki.egi.eu/wiki/File:Site_Checklist.pdf) and an Incident Response Flowchart (https://wiki.egi.eu/w/images/b/b4/Flowchart.pdf). The "Security Incident Handling Procedure" defines site and incident coordinator responsibilities when handling Grid-related security incidents. ALL EGI sites are required to follow the new procedure to report and handle Grid-related security incidents. We strongly encourage our security contacts and system administrators to keep a printed copy of this procedure. For more details on this EGI procedure, here are some useful links:

     Incident reporting wiki page: https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting
     Forensic Howto page.
     Site Incident Response checklist: https://wiki.egi.eu/wiki/File:Site_Checklist.pdf

- Vulnerability Issue Handling Procedure (https://documents.egi.eu/document/717), defined by EGI SVG. The document has been approved by EGI OMB and PMB. The "Software Vulnerability Issue Handling Process" describes the process used to report and resolve Grid software vulnerabilities in the EGI InSPIRE project. It describes the responsibilities of the various people within the SVG, the EGI InSPIRE project and the communities providing software distributed in the EGI Unified Middleware Distribution, and how these groups interact with the process. For more details, see the SVG wiki page: https://wiki.egi.eu/wiki/SVG#What_to_do_if_you_find_a_Software_Vulnerability_in_the_EGI_infrastructure

- EGI Critical Vulnerability Handling Procedure (https://documents.egi.eu/document/283). The "EGI Critical Vulnerability Handling Procedure" defines the procedure for dealing with Critical Security Issues where action needs to be taken by a single site or multiple sites.

All operational procedures can be found at: https://wiki.egi.eu/wiki/Operational_Procedures


EGI Operational Security Notices

Operational notices based on approved JSPG policies or decisions made during GDB meetings.

EGI Security Policies

For all up-to-date EGI security policies, please refer to the EGI Security Policy Group wiki page (https://wiki.egi.eu/wiki/SPG), and in particular to EGI Approved Security Policies (https://wiki.egi.eu/wiki/SPG:Documents).

EGI CSIRT Information Disclosure Policy

EGI CSIRT Information Disclosure Policy (draft)