Difference between revisions of "EGI Core activities:2013-bidding Security coordination"

From EGIWiki
Jump to: navigation, search
Line 1: Line 1:
 
{{TOC_right}}
 
{{TOC_right}}
 
'''Go back to the [[Core_EGI_Activities|activity list]].'''
 
'''Go back to the [[Core_EGI_Activities|activity list]].'''
* Service name:
+
* Service name: Security coordination
 
* Service category: Operations
 
* Service category: Operations
* Service type: Coordination, operation and maintenance
+
* Service type: Coordination
  
The ... is part of the EGI Core Infrastructure Platform ... which supports the daily operations of EGI.
+
Security coordination is part of the EGI.eu coordination function.
  
 
= Introduction =
 
= Introduction =
 +
Security is recognised as an important aspect of e-Infrastructures and requires co-ordination between the EGI participants at various levels, in particular for the prevention and handling of incidents.
  
 
= Technical description =
 
= Technical description =
 
This service includes the following components.
 
This service includes the following components.
  
== Coordination ==
+
== Security Operations Coordination ==
This activity is responsible of the coordination of the system operation and upgrade activities with those partners that are in charge of operating other systems that depend on it.
+
Central coordination of the security activities ensures that policies, operational security, and maintenance are compatible amongst all partners, improving availability and lowering access barriers for use of the infrastructure. This coordination ensures that incidents are promptly and efficiently handled, that common policies are followed by providing services such as security monitoring, and by training and dissemination with the goal of improving the response to incidents. This includes liaison with external security organisations, coordination security training, of security service challenges and of security threat risk assessment.
  
== Support ==
+
== Security Policy Coordination ==
Support through the EGI helpdesk about
+
Security policy development covers diverse aspects, including operational policies (agreements on vulnerability management, intrusion detection and prevention, regulation of access, and enforcement), incident response policies (governing the exchange of information and expected actions), participant responsibilities (including acceptable use policies, identifying users and managing user communities), traceability, legal aspects, and the protection of personal data.
  
Support about ... is out of scope and is part of activity ''2nd level support (core platform)''.
+
== Security Incident Response Coordination ==
 +
Coordination of incident response activities in collaboration with the Incident Response Task Force.
  
'''Support hours''': eight hours a day (9-17 CE(S)T), Monday to Friday – excluding public holidays of the hosting organization.
+
== Software Vulnerability Group Coordination ==
 +
The Software Vulnerability Group aims to eliminate existing software vulnerabilities from the deployed infrastructure and prevent the introduction of new ones, and runs a process for handling software vulnerabilities reported.  
  
== Operation ==
+
== International Grid Trust Federation (IGTF) and EUGridPMA ==
* Daily running of the system
+
A common authentication trust domain is required to persistently identify all EGI participants.
* Testing and high availability configuration
+
This task is about the representation of EGI in IGTF and EUGridPMA. This representation will bring operational and policy needs of EGI to the attention of the PMA, bring issues raised by the PMA to the attention of the appropriate groups within EGI, and keep the EGI Council informed of progress and policies of the EUGridPMA. This task is also responsible for the coordination of the provision of EGI versions of the IGTF Certification Authority distributions as required by the EGI Council.
 
 
== Maintenance ==
 
This activity includes:
 
* core refactoring, bug fixing, proactive maintenance, improvement of the system
 
* coordination of software maintenance activities with other technology providers that provide software for the EGI Core Infrastructure or remote systems deployed by integrated and peer infrastructures that interoperate with the central EGI components of the system.
 
* requirements gathering
 
 
 
= Service level targets =
 
*Minimum availability/reliability: ..%/..%
 
*Response to incident records in GGUS within support hours: [[FAQ_GGUS-PT-QoS-Levels#Medium_service| Medium]] (see https://wiki.egi.eu/wiki/FAQ_GGUS-PT-QoS-Levels#Medium_service)
 

Revision as of 19:27, 3 July 2013


Go back to the activity list.

  • Service name: Security coordination
  • Service category: Operations
  • Service type: Coordination

Security coordination is part of the EGI.eu coordination function.

Introduction

Security is recognised as an important aspect of e-Infrastructures and requires co-ordination between the EGI participants at various levels, in particular for the prevention and handling of incidents.

Technical description

This service includes the following components.

Security Operations Coordination

Central coordination of the security activities ensures that policies, operational security, and maintenance are compatible amongst all partners, improving availability and lowering access barriers for use of the infrastructure. This coordination ensures that incidents are promptly and efficiently handled, that common policies are followed by providing services such as security monitoring, and by training and dissemination with the goal of improving the response to incidents. This includes liaison with external security organisations, coordination security training, of security service challenges and of security threat risk assessment.

Security Policy Coordination

Security policy development covers diverse aspects, including operational policies (agreements on vulnerability management, intrusion detection and prevention, regulation of access, and enforcement), incident response policies (governing the exchange of information and expected actions), participant responsibilities (including acceptable use policies, identifying users and managing user communities), traceability, legal aspects, and the protection of personal data.

Security Incident Response Coordination

Coordination of incident response activities in collaboration with the Incident Response Task Force.

Software Vulnerability Group Coordination

The Software Vulnerability Group aims to eliminate existing software vulnerabilities from the deployed infrastructure and prevent the introduction of new ones, and runs a process for handling software vulnerabilities reported.

International Grid Trust Federation (IGTF) and EUGridPMA

A common authentication trust domain is required to persistently identify all EGI participants. This task is about the representation of EGI in IGTF and EUGridPMA. This representation will bring operational and policy needs of EGI to the attention of the PMA, bring issues raised by the PMA to the attention of the appropriate groups within EGI, and keep the EGI Council informed of progress and policies of the EUGridPMA. This task is also responsible for the coordination of the provision of EGI versions of the IGTF Certification Authority distributions as required by the EGI Council.