EGI CSIRT:SDG

From EGIWiki

EGI-CSIRT wiki




Security Drills Group

Objective

The objectives of the Security-Drills are twofold. The first is to get an overview of the incident response capabilities of the sites participating in EGI and to improve the collaboration among the distributed teams. The second is to improve the Security-Incident-Handling capabilities of the EGI-CSIRT itself. For this we have to continuously revisit our procedures and check whether our tracing of the security activities is sufficiently monitored and recorded.

Tasks

  • Design and set up realistic simulations of computer security incident scenarios.
    • Address various grid middleware components (e.g. VO Job submission framework (SSC4)).
    • Assess the capabilities/suitability of fabric management tools for operational security.
    • Assess the manageability of security-related software, e.g. glexec, central banning.
    • New tools for IRTF could first be tested here.
  • Run/evaluate/disseminate the security drills on the project level.
  • Collect the sites' feedback, e.g. which tools are needed to improve the response.
  • Provide a framework so that NGIs can run a particular security drill at some or all of their sites.
  • Set up a "Sites-Readiness" web page where the results of the security drills are collected. Access restricted to EGI-CSIRT, IRTF, EGI/NGI Management.

Role of the coordinator

Coordinate the project-wide runs with the various involved (VO) CSIRTs. Coordinate local runs with the NGI Security Officers in order to have an optimal coverage of the challenged sites, and in this way obtain a map of the sites' readiness to respond to a computer security incident.

Coordinator

  • Sven Gabriel, The Netherlands NGI