"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
EGI Operational Security
1. www.egi.eu
EGI-Engage is co-funded by the Horizon 2020 Framework Programme
of the European Union under grant number 654142
EGI Security Coordinator
UK Research and Innovation STFC
EGI Operational Security
(at EOSC-hub, Malaga, 17 April 2018)
David Kelsey
2. 217/04/2018
Why “Security”?
• EGI Operational Security – aims include
– Prevention, Response, Training
– Maintain Confidentiality, Integrity, Availability
• of services & data
– Manage Security Risks
• assessment & mitigation
• Threats are constantly changing
– Ongoing process of risk analysis
– Constant evolution of policies, procedures & best
practices
EGI Operational Security
3. 317/04/2018
More details published in
https://www.egi.eu/wp-content/uploads/2017/07/EGI-CSIRT-report-July-
2017.pdf
EGI Operational Security
5. 517/04/2018
EGI CSIRT Activities
• Prevention of security incidents
– Risk assessment & mitigation
– Security Monitoring
– Vulnerability Handling
• Incident Response
– Support NGI, Community & service security teams
– Digital forensics
– Mitigation
• Security Drills
• Training and Dissemination
• Also – Security Policy Group
EGI Operational Security
6. 617/04/2018
Collaboration with other Infrastructures -
WISE
• Wise Information Security for e-Infrastructures
– SCI & GEANT SIG-ISM together – first meeting Oct
2015
– Excellent way of collaborating with other Infrastructures
• EGI, EUDAT, PRACE, GEANT, NRENs, WLCG, XSEDE, OSG, HBP, …
– EGI people on WISE steering committee
– Leading, for example, the SCI working group
• Security for Collaborating Infrastructures
• SCI version 2 was endorsed at TNC17 Linz (1 June)
EGI Operational Security
8. 817/04/2018
New or improved policies
• Security policies and procedures were completely
updated to address new technologies and AAI
scenarios
• These support the operation of diverse distributed
infrastructures supporting multiple international
collaborations
• Other Infrastructures can use (and modify) and do
– WLCG, EUDAT, PRACE, ELIXIR
– Input to WISE SCI group
EGI Operational Security
10. 1017/04/2018
EOSC-hub
• WP4 Task 4.4 responsible for Operational Security
• During Year 1, we will review, sharpen and harmonise,
including
• EGI/EUDAT Incident Response procedures
• EGI/EUDAT other security policies and procedures
• Evolution of vulnerability handling
• Develop/streamline all communication processes
• Coordinate with many external bodies (WISE etc)
• Develop new training and certification
• Security Risk Assessment of EOSC-hub service
catalogue
• Define security requirements, controls and
procedures for services in the catalogue
• Evolution of our monitoring infrastructure
EGI Operational Security