1 / 6

ROC Security Contacts

ROC Security Contacts. R. Rumler Lyon/Villeurbanne. Contents. Security contact: implied entities Procedures Documentation and communication. Security contacts: entities (1). Operational Security Coordination Team - OSCT Composed of all ROC security contacts plus the EGEE Security Officer

moana-herring
Download Presentation

ROC Security Contacts

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ROC Security Contacts R. Rumler Lyon/Villeurbanne

  2. Contents • Security contact: implied entities • Procedures • Documentation and communication R. Rumler, 2007-10-18

  3. Security contacts: entities (1) • Operational Security Coordination Team - OSCT • Composed of all ROC security contacts plus the EGEE Security Officer • Discussion list: project-egee-security-support • Role • Forward initial information about an incident • Create an intervention team if necessary • OSCT- duty contact (OSCT-DC): associated to COD team • Grid Security Vulnerability Group • Members named by the project • Contact to signal a (supposed) vulnerability: grid-vulnerability-report • Role • Analyse the middleware and other programs used in the context of the grid to find potential vulnerabilities • Determine the degree of risk (Risk Analysis Team - RAT) • Develop a recommendation about the action(s) to be taken R. Rumler, 2007-10-18

  4. Security contacts: entities (2) • Computer Security Incident Response Team - CSIRT • Distribution lists: • Discussion: project-egee-security-contacts • Signal an incident: project-egee-security-csirts The security contacts registered in the GOCDB serve to constitute those lists. • GGUS support unit: Security Security incidents or information requests can be signalled through GGUS. One can create a ticket and assign it to the Security support unit. Attention: all GGUS tickets are publicly readable, so confidential data or contact information should not be mentioned there. • CIC-on-Duty - COD The grid operator can open security tickets in GGUS, monitors GGUS for this kind of tickets and has the obligation to invoke the OSCT duty contact (OSCT-DC) when such a ticket appears or a security incident happens. The COD can suspend sites immediately on demand from the EGEE security officer. R. Rumler, 2007-10-18

  5. Procedures • In case of a security incident detected by a grid site, this site must inform its ROC. • In all cases, the site has to follow the local security rules and procedures in terms of information of other authorities and of incident analysis. • The grid procedures have to be applied in addition to and not instead of the local ones. • The ROC informs its security contact (= its OSCT member) or directly the OSCT. • The OSCT creates an intervention team if appropriate (in addition to the one which might already be in place according to the local security procedures); in principle the ROC and the site having the incident should take the initiative to create the team. Anyway, the OSCT-DC has this role by default. R. Rumler, 2007-10-18

  6. Documentation • JSPG policy documents http://proj-lcg-security.web.cern.ch/proj-lcg-security/documents2.html • Current OSCT website https://twiki.cern.ch/twiki/bin/view/LCG/OSCT • New OSCT website (nearly completed construction) http://osct.web.cern.ch/osct/n/ • Incident response guide https://edms.cern.ch/file/428035/LAST_RELEASED/Incident_Response_Guide.pdf R. Rumler, 2007-10-18

More Related