Enabling Science with Trust and Security
Tom Barton
Sr Consultant for Cybersecurity & Data Privacy
UChicago & Internet2
GlobusWorld 2019
What I’ll tell you
• Security is all about enabling the mission by reducing risk to it
• There are security programs designed to reduce risk to research
• Trust frameworks reduce risk across complex cyberinfrastructure (CI) ecosystems
• Trust frameworks & security enable scientific CI by reducing risk to it
• Some practical ways to engage with these
The simplest case
Human subjects research is perhaps the simplest example of security enabling science.
Not that it’s easy!
Rigorous scientific methods help civic partners achieve the greatest social good per dollar
Liability incurred by contracts and regulation
• Sensitive data provided under contract by external agencies
• Variety of security obligations in Data Use Agreements
• HIPAA Business Associate Agreements
• Government contracts with DFARS flow down requirements
• Federal security standards, focused on data confidentiality
• Also subject to state regulations protecting personal information
• Worst case: existential threat to associated research programs
Institutional strategy for secure research data
• Research Computing, Research Administration, Legal, IT partnership to reduce risk to affected research
• Provide security as a service to PIs so they don’t have to figure it out
• Elements
  • Risk assessment in grants & contracts processes
  • Secure research computing service
  • Dean and VP Research level policy governance
  • Broad-based operational governance
  • Federal security standards: NIST SP 800-53/800-171/CUI
• UChicago and many others have one or are moving in that direction
UChicago Secure Computing Environment
Benefits and dividends
• On-going close coordination between research computing and central IT
  • Identity & access management
  • Security operations, incident response and risk assessment
  • Network engineering
  • Storage/recovery
  • Systems administration
• Central IT learned how to support other sensitive computing needs
• Re-usable building blocks of secure computing technologies and procedures
• Total institutional cost is reduced with each re-use
Can CISOs and Research Computing Directors get along?
• Yes!
• “Enabling Trustworthy Campus Cyberinfrastructure for Science”
  • Workshop by TrustedCI and InCommon, funded by NSF, September 2018
  • Chief Information Security Officer and Research Computing Director teams from ~15 universities
• Secure research computing needs drive successful partnerships among CISOs, RC Directors, Legal Counsel, Research Administration
  • Regardless of where RC Director and CISO report, large or small institution, centralized or decentralized
Review of the simplest case
The scientific CI is in one organization, which makes feasible:
• Close, on-going operational collaboration between research computing, central IT, information security
• Implementation of Federal/NIST security standards
Enables human subjects research programs by providing the help needed to address onerous security obligations
Security and risk
Must it always be about complying with Federal/NIST security standards?
Security Defined by Merriam Webster
1: freedom from danger (safety), freedom from fear or anxiety
4: measures taken to guard against espionage or sabotage, crime, attack, or escape
https://www.merriam-webster.com/dictionary/security
We should emphasize definition #1, but security practice is traditionally focused on #4
slide credit: Von Welch
Cybersecurity – traditional view (diagram)
Mal intent (ransomware, cyber espionage, weaponization, hacktivism, identity theft) -> protective and responsive measures -> prevent negative impact (data lost, system unavailable, data altered, private data exposed, enforced shutdown, extended disruption)
Cyber Risk – it’s not just about bad actors (diagram)
Two sources of risk act on the CI system in its designed state: mal intent (ransomware, cyber espionage, weaponization, hacktivism, identity theft) and deltas to the CI system design state (misconfiguration; flaw in 3rd party component system; overlooked ancillary functions remain active; system restored to unplanned state; uncaught data transport error; inadequate incident response capability; lack of operational coordination leaves system in unplanned state).
Protective and responsive measures stand between those sources and the negative impact: data lost, system unavailable, data altered, private data exposed, enforced shutdown, extended disruption.
Federal security standards address some IT risks

IT risk                                                            | Federal security controls?
Misconfiguration                                                   | Yes
Flaw in 3rd party component system                                 | Yes
Overlooked ancillary functions remain active                       | Yes
System restored to unplanned state                                 | Yes
Lack of operational coordination leaves system in unplanned state  | No
Uncaught data transport error                                      | No
Inadequate incident response capability                            | Yes
Will Federal security frameworks assimilate all US scientific CI?
Yes:
• Appropriate, probably unavoidable, for some secure research
• Some aspects well suited to both open science and secure research
No:
• Needs common executive management, hence hard to apply across organizations
• Some critical IT risks aren’t addressed
• TrustedCI is developing alternatives for open science
  • Open Science Cyber Risk Profile
  • Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects
Lack of operational coordination leaves system in unplanned state
Please hold this thought in mind for a few minutes…
A complex case
Trust Frameworks and Federation reduce risk in complex, multi-organizational circumstances
Since 2015, thirteen ESFRI Research Infrastructures from the field of BioMedical Science (BMS RI) joined their scientific capabilities and services to transform the understanding of biological mechanisms and accelerate its translation into medical care.
• biobanking & biomolecular resources
• curated databases
• marine model organisms
• systems biology
• translational research
• functional genomics
• screening & medicinal chemistry
• microorganisms
• clinical trials
• structural biology
• biological/medical imaging
• plant phenotyping
• highly pathogenic microorganisms
Slide credit: Mikael Linden
Increasing complexity of scientific CI
• Bigger data & bigger teams need bigger CI
  • Beyond the scale a single organization can achieve on its own
• Not-bigger funding motivates the concentration of CI investments
  • Federating or centralizing HPC centers, cloud
• Size brings complexity
  • Federated user access, federated resources
  • Access management
  • Data, cache, and network management
As scientific CIs integrate more components and organizations, it’s harder to manage, debug, and ascertain the state of the entire system
Federated user access – a global infrastructure (diagram)
Faculty, students, staff; data sets; intellectual property; specialized instruments; specialized computing, connected by global research networks and federation
68 countries (March 2019)
> 16,700 entities (25% InCommon)
> 10,000,000 users
Get collaboration ready (diagram)
Items that Identity Providers and Academic Service Providers implement:
• Release “Research & Scholarship” attributes
• Basic security for Identity Provider
• Accurate & complete metadata for good user experience
• Standard MFA request/response
• Identity assurance info
Tiers: Enable basic collaboration; Support high value resources; Protect collaboration resources (reduce risk)
Each item in the bottom two tiers is associated with a trust framework, as is the federation itself
InCommon progress on metadata (user experience)
InCommon’s Baseline Expectations program
Dimensions
❏ Security
❏ Privacy
❏ Transparency/Accountability
❏ User Experience
Processes
❏ Community Consensus
❏ Community Dispute Resolution
Participation Agreement requires everyone to adhere to Baseline Expectations
Mostly, it consists of tons of communication and help
Baseline Roadmap (under development)
Timeline 1Q18 through 4Q21 (diagram): Create BE processes, redo contracts, metadata quality. errorURL. SIRTFI all entities. R&S and REFEDS MFA for academic OS IdPs. IdPs must use collaboration-ready software/services.
Research & Scholarship attribute release
• Name, email, affiliation, persistent identifier
• Common need for “research and scholarship” services
• Those service providers are “tagged” by their national federation operators as “R&S”
• Identity Providers automatically release the R&S attributes to R&S tagged services
• Such Identity Providers are also tagged as “R&S” so that services can elect to require R&S attributes in order to provide service
• The R&S program contributes to good privacy practice under the European General Data Protection Regulation (GDPR)
SIRTFI - security incident response trust framework for federated identity
• Be willing to collaborate in responding to a federated security incident.
• Apply basic operational security protections to your federated entities in line with your organization’s priorities.
• Self-assert SIRTFI “tag” so that others will know to trust this about you.
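The two preceding slides both rest on "tags" carried in federation metadata: an SP tagged R&S receives the R&S attribute bundle automatically, and an entity that self-asserts SIRTFI is recognisable to everyone else. The following is an added example of how an Identity Provider reads those tags and applies the R&S release policy; it is not code from the slides, InCommon or REFEDS. It assumes (none of this is on the slides) that entity categories sit in the mdattr:EntityAttributes metadata extension under the attribute name http://macedir.org/entity-category, that R&S is identified by http://refeds.org/category/research-and-scholarship, and that SIRTFI is the value https://refeds.org/sirtfi of the assurance-certification entity attribute; the mapping of "name, email, affiliation, persistent identifier" to LDAP attribute names, the metadata and the user record are constructed for the example.

```python
# Added example (not code from the slides, InCommon or REFEDS): an Identity
# Provider deciding what to release to a Service Provider by reading the
# "tags" carried in federation metadata.
#
# Assumptions not stated on the slides: entity categories live in the
# mdattr:EntityAttributes extension under http://macedir.org/entity-category,
# R&S is http://refeds.org/category/research-and-scholarship, and SIRTFI is
# the value https://refeds.org/sirtfi of the assurance-certification attribute.
# The attribute-name mapping, metadata and user record are constructed.
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
ASSURANCE_CERTIFICATION = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
RS_CATEGORY = "http://refeds.org/category/research-and-scholarship"
SIRTFI = "https://refeds.org/sirtfi"

# Name, email, affiliation, persistent identifier: the R&S bundle from the slide
# (assumed mapping to LDAP attribute names).
RS_BUNDLE = ("displayName", "mail", "eduPersonScopedAffiliation", "eduPersonPrincipalName")

# Constructed federation metadata: one SP tagged R&S and SIRTFI, one untagged SP.
SAMPLE_METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:Extensions>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="http://macedir.org/entity-category">
          <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification">
          <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://untagged-sp.example.net/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""

# Constructed user record; employeeNumber is outside the R&S bundle on purpose.
SAMPLE_USER = {
    "displayName": "Ada Example",
    "mail": "ada@idp.example.edu",
    "eduPersonScopedAffiliation": "member@idp.example.edu",
    "eduPersonPrincipalName": "ada@idp.example.edu",
    "employeeNumber": "0001234",
}


def entity_tags(metadata_xml):
    """Map each entityID to {attribute name: set of values} from its EntityAttributes."""
    root = ET.fromstring(metadata_xml)
    tags = {}
    for entity in root.iter(f"{{{NS['md']}}}EntityDescriptor"):
        attrs = {}
        for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
            values = {v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text}
            attrs.setdefault(attr.get("Name"), set()).update(values)
        tags[entity.get("entityID")] = attrs
    return tags


def is_rs_tagged(attrs):
    return RS_CATEGORY in attrs.get(ENTITY_CATEGORY, set())


def is_sirtfi_tagged(attrs):
    return SIRTFI in attrs.get(ASSURANCE_CERTIFICATION, set())


def attributes_to_release(sp_entity_id, metadata_xml, user):
    """IdP-side R&S policy: the bundle for R&S-tagged SPs, nothing for the rest.

    An SP missing from the federation metadata raises instead of returning {},
    so stale metadata or a typo is distinguishable from a deliberate non-release.
    """
    attrs = entity_tags(metadata_xml).get(sp_entity_id)
    if attrs is None:
        raise LookupError(f"{sp_entity_id} is not in the federation metadata")
    if not is_rs_tagged(attrs):
        return {}
    return {name: user[name] for name in RS_BUNDLE if name in user}


if __name__ == "__main__":
    for entity_id, attrs in entity_tags(SAMPLE_METADATA).items():
        print(entity_id, "R&S" if is_rs_tagged(attrs) else "-", "SIRTFI" if is_sirtfi_tagged(attrs) else "-")
    print(attributes_to_release("https://sp.example.org/shibboleth", SAMPLE_METADATA, SAMPLE_USER))
```

The release decision keys only on the tag the federation operator put in metadata, never on anything the SP sends at request time, which is what makes the R&S behaviour automatic and reviewable; attributes outside the bundle (here employeeNumber) are never released by this path, matching the privacy point on the slide.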
REFEDS Assurance Framework
Identity Assurance:
• Identifiers: ID is unique, personal and traceable; ePPN is unique, personal and traceable
• ID Proofing: Low (eg self-asserted); Medium (eg postal credential delivery); High (eg F2F)
• Attributes: Affiliation freshness 1 day; Affiliation freshness 1 month
Authentication Strength:
• Authentication: Single-factor authentication (SFA); Multi-factor authentication (MFA)
Defines a standard means for service providers to receive information about identity assurance practice and request and receive information about strength of credentials
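As an added example of the service-provider side of the framework just described (not code from the slides or from REFEDS), the block below takes the assurance values an IdP asserted and the authentication context it reported, and checks them against what a sensitive-data service requires, naming every unmet part. It assumes (not stated on the slides) that assurance arrives as eduPersonAssurance values under https://refeds.org/assurance/{ID,IAP,ATP}/... and that authentication strength is the SAML AuthnContextClassRef https://refeds.org/profile/mfa or https://refeds.org/profile/sfa, the published REFEDS identifiers; the orderings follow the slide's rows (Low < Medium < High proofing, 1 month < 1 day freshness), and the policy and sample users are constructed.

```python
# Added example (not code from the slides or from REFEDS): a Service Provider
# checking received REFEDS Assurance Framework values against its own policy.
#
# Assumptions not stated on the slides: assurance is asserted as
# eduPersonAssurance values under https://refeds.org/assurance/{ID,IAP,ATP}/...
# and authentication strength as the AuthnContextClassRef
# https://refeds.org/profile/mfa or /sfa (published REFEDS identifiers).
# The policy and sample users below are constructed.
from dataclasses import dataclass
from typing import Optional

REFEDS = "https://refeds.org/assurance/"
PROFILE_MFA = "https://refeds.org/profile/mfa"
PROFILE_SFA = "https://refeds.org/profile/sfa"

# Orderings taken from the slide's rows: ID proofing Low < Medium < High,
# affiliation freshness 1 month < 1 day, and identifier guarantees.
IAP_RANK = {"low": 1, "medium": 2, "high": 3}
ATP_RANK = {"ePA-1m": 1, "ePA-1d": 2}
ID_RANK = {"unique": 1, "eppn-unique-no-reassign": 2}
RANKS = {"IAP": IAP_RANK, "ATP": ATP_RANK, "ID": ID_RANK}


@dataclass
class Requirement:
    """What the SP demands; None means that component is not checked."""
    iap: str = "low"
    atp: Optional[str] = None
    identifier: Optional[str] = None
    mfa: bool = False


def parse_assurance(values):
    """Reduce eduPersonAssurance URIs to the strongest rank seen per component.

    Values outside the REFEDS namespace are ignored rather than guessed at.
    """
    best = {"IAP": 0, "ATP": 0, "ID": 0}
    for value in values:
        if not value.startswith(REFEDS):
            continue
        component, _, level = value[len(REFEDS):].partition("/")
        if component in RANKS:
            best[component] = max(best[component], RANKS[component].get(level, 0))
    return best


def check_access(assurance_values, authn_context_class_ref, req):
    """Return (allowed, reasons); every unmet part of the requirement is named."""
    best = parse_assurance(assurance_values)
    reasons = []
    if best["IAP"] < IAP_RANK[req.iap]:
        reasons.append(f"identity proofing below {req.iap}")
    if req.atp and best["ATP"] < ATP_RANK[req.atp]:
        reasons.append(f"affiliation freshness weaker than {req.atp}")
    if req.identifier and best["ID"] < ID_RANK[req.identifier]:
        reasons.append(f"identifier guarantee weaker than {req.identifier}")
    if req.mfa and authn_context_class_ref != PROFILE_MFA:
        reasons.append("multi-factor authentication not asserted")
    return (not reasons, reasons)


def requested_authn_context(req):
    """The AuthnContextClassRef an SP puts in its request to ask the IdP for MFA."""
    return PROFILE_MFA if req.mfa else None


# Constructed sample policy and users.
SENSITIVE_DATA_POLICY = Requirement(iap="medium", atp="ePA-1m",
                                    identifier="eppn-unique-no-reassign", mfa=True)
HIGH_ASSURANCE_USER = [REFEDS + "ID/unique", REFEDS + "ID/eppn-unique-no-reassign",
                       REFEDS + "IAP/high", REFEDS + "ATP/ePA-1d"]
LOW_ASSURANCE_USER = [REFEDS + "ID/unique", REFEDS + "IAP/low", REFEDS + "ATP/ePA-1m"]

if __name__ == "__main__":
    print(check_access(HIGH_ASSURANCE_USER, PROFILE_MFA, SENSITIVE_DATA_POLICY))
    print(check_access(LOW_ASSURANCE_USER, PROFILE_SFA, SENSITIVE_DATA_POLICY))
```

Reporting every failed component at once, rather than stopping at the first, is what lets a research computing team tell a PI exactly which campus practice (proofing, freshness, MFA) must improve before the service can admit that IdP's users.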
Review of the complex case & trust frameworks
A trust framework is
• A standard of behavior that applies to participants and/or components in large, complex, even global systems
• Developed in response to identified needs of research and scholarly activities
We trust that trust framework adopters reasonably observe the standard of behavior because of our shared mission in Research & Education
Federations and other organizations enable and monitor trust framework participation and may operate processes to verify or compel adoption
Lack of operational coordination leaves system in unplanned state
Systems that integrate components across many organizations can use trust frameworks to reduce the risk posed by intrinsic inability to coordinate operationally
Reducing risk to scientific CI
Some services and programs you can take advantage of.
Some things you might think about doing.
ResearchSOC
ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research.
• NSF funded center
  • Indiana University, Duke University, Pittsburgh Supercomputing Center, University of California San Diego
• Security Operations Center
• Vulnerability scanning and threat intelligence sharing
• Training information security professionals to address challenges of securing research
TrustedCI and Internet2
• Direct engagements or partnerships to review or solve problems
• Security programs for NSF funded activities
• Facility/Site Identity & Access Management
• Federated user access
• Cloud use
• Campus Champions / CaRRC
• Science Gateways Community Institute
• Hope to translate experience with user federation into resource federation space
Globus Connect/High Assurance
• Enhanced Connect Server/Personal to meet the security needs of protected environments for secure research
  • Only authorized identities
  • Audit trails
  • Session timeouts
  • More…
• Enhanced Transfer & Auth services backend in AWS
  • Meets Federal/NIST security standards
  • Suited to HIPAA and other sensitive research data
You – campus research computing staff
• Add federated user access tooling to your environment
  • CILogon, Globus Auth, COmanage, Grouper, others
• Help your CISO become your partner
  • Support Federal security standards for high risk projects, sensible security for low (eg, Open Science Cyber Risk Profile)
• Stay abreast of prototype resource federation efforts
• Help TrustedCI/Internet2 understand your researchers’ problems and give guidance on good solutions
You – platform & gateway developers
• Use federated user access tooling
  • Deep water, don’t roll your own user management!!
• Help your information security people to help you
  • Bake sensible security into your dev and operational processes
  • Provide sensible security functionality to deployers
• Your platforms are sometimes implemented in very exposed Science DMZs – focus on securing system integrity, make it hard for bad guys to re-purpose them as weapons
You - PIs
• Involve research computing staff as early as possible in the grant formulation process to optimize the proposed data processing workflow
• If sensitive research data is involved, early engagement will minimize hurdles & hoops and ensure a satisfactory proposed data security plan
• Demand sensible security – let the IT and security powers that be know that it matters and you need them for it
Thank you!
Questions?
tbarton@uchicago.edu

Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...
 
Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024Globus Compute Introduction - GlobusWorld 2024
Globus Compute Introduction - GlobusWorld 2024
 
Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024Globus Connect Server Deep Dive - GlobusWorld 2024
Globus Connect Server Deep Dive - GlobusWorld 2024
 
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
First Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User EndpointsFirst Steps with Globus Compute Multi-User Endpoints
First Steps with Globus Compute Multi-User Endpoints
 
Enhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdfEnhancing Research Orchestration Capabilities at ORNL.pdf
Enhancing Research Orchestration Capabilities at ORNL.pdf
 
Understanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSageUnderstanding Globus Data Transfers with NetSage
Understanding Globus Data Transfers with NetSage
 
How to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good PracticesHow to Position Your Globus Data Portal for Success Ten Good Practices
How to Position Your Globus Data Portal for Success Ten Good Practices
 
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...
 
Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...Developing Distributed High-performance Computing Capabilities of an Open Sci...
Developing Distributed High-performance Computing Capabilities of an Open Sci...
 
The Department of Energy's Integrated Research Infrastructure (IRI)
The Department of Energy's Integrated Research Infrastructure (IRI)The Department of Energy's Integrated Research Infrastructure (IRI)
The Department of Energy's Integrated Research Infrastructure (IRI)
 
GlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote sessionGlobusWorld 2024 Opening Keynote session
GlobusWorld 2024 Opening Keynote session
 
Enhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZEnhancing Performance with Globus and the Science DMZ
Enhancing Performance with Globus and the Science DMZ
 
Extending Globus into a Site-wide Automated Data Infrastructure.pdf
Extending Globus into a Site-wide Automated Data Infrastructure.pdfExtending Globus into a Site-wide Automated Data Infrastructure.pdf
Extending Globus into a Site-wide Automated Data Infrastructure.pdf
 
Globus at the United States Geological Survey
Globus at the United States Geological SurveyGlobus at the United States Geological Survey
Globus at the United States Geological Survey
 
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisProviding Globus Services to Users of JASMIN for Environmental Data Analysis
Providing Globus Services to Users of JASMIN for Environmental Data Analysis
 
Globus Compute with Integrated Research Infrastructure (IRI) workflows
Globus Compute with Integrated Research Infrastructure (IRI) workflowsGlobus Compute with Integrated Research Infrastructure (IRI) workflows
Globus Compute with Integrated Research Infrastructure (IRI) workflows
 
Reactive Documents and Computational Pipelines - Bridging the Gap
Reactive Documents and Computational Pipelines - Bridging the GapReactive Documents and Computational Pipelines - Bridging the Gap
Reactive Documents and Computational Pipelines - Bridging the Gap
 

Recently uploaded

GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
Guy Korland
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
Thijs Feryn
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
Pierluigi Pugliese
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
ViralQR
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
Sri Ambati
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
Jemma Hussein Allen
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
DianaGray10
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
RinaMondal9
 

Recently uploaded (20)

GraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge GraphGraphRAG is All You need? LLM & Knowledge Graph
GraphRAG is All You need? LLM & Knowledge Graph
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024By Design, not by Accident - Agile Venture Bolzano 2024
By Design, not by Accident - Agile Venture Bolzano 2024
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.Welocme to ViralQR, your best QR code generator.
Welocme to ViralQR, your best QR code generator.
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...
 
The Future of Platform Engineering
The Future of Platform EngineeringThe Future of Platform Engineering
The Future of Platform Engineering
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3UiPath Test Automation using UiPath Test Suite series, part 3
UiPath Test Automation using UiPath Test Suite series, part 3
 
Free Complete Python - A step towards Data Science
Free Complete Python - A step towards Data ScienceFree Complete Python - A step towards Data Science
Free Complete Python - A step towards Data Science
 

Enabling Science with Trust and Security – Guest Keynote

8. Benefits and dividends
• On-going close coordination between research computing and central IT
  • Identity & access management
  • Security operations, incident response and risk assessment
  • Network engineering
  • Storage/recovery
  • Systems administration
• Central IT learned how to support other sensitive computing needs
• Re-usable building blocks of secure computing technologies and procedures
• Total institutional cost is reduced with each re-use
9. Can CISOs and Research Computing Directors get along?
• Yes!
• "Enabling Trustworthy Campus Cyberinfrastructure for Science"
  • Workshop by TrustedCI and InCommon, funded by NSF, September 2018
  • Chief Information Security Officer and Research Computing Director teams from ~15 universities
• Secure research computing needs drive successful partnerships among CISOs, RC Directors, Legal Counsel, Research Administration
  • Regardless of where the RC Director and CISO report, large or small institution, centralized or decentralized
10. Review of the simplest case
The scientific CI is in one organization, which makes feasible:
• Close, on-going operational collaboration between research computing, central IT, information security
• Implementation of Federal/NIST security standards
Enables human subjects research programs by providing the help needed to address onerous security obligations
11. Security and risk
Must it always be about complying with Federal/NIST security standards?
12. Security
Defined by Merriam-Webster:
1: freedom from danger (safety), freedom from fear or anxiety
4: measures taken to guard against espionage or sabotage, crime, attack, or escape
https://www.merriam-webster.com/dictionary/security
We should emphasize definition #1, but security practice is traditionally focused on #4.
Slide credit: Von Welch
13. Cybersecurity – traditional view
(Diagram: a CI system in its designed state, with protective and responsive measures in place to prevent negative impact.)
Mal intent:
• Ransomware
• Cyber espionage
• Weaponization
• Hacktivism
• Identity theft
Negative impacts prevented:
• Data lost
• System unavailable
• Data altered
• Private data exposed
• Enforced shutdown
• Extended disruption
14. Cyber Risk – it's not just about bad actors
(Diagram: protective and responsive measures sit between the sources of risk and the negative impacts; the sources are not only malicious.)
Deltas to CI system design state:
• Misconfiguration
• Flaw in 3rd party component system
• Overlooked ancillary functions remain active
• System restored to unplanned state
• Uncaught data transport error
• Inadequate incident response capability
• Lack of operational coordination leaves system in unplanned state
Mal intent:
• Ransomware
• Cyber espionage
• Weaponization
• Hacktivism
• Identity theft
Negative impact:
• Data lost
• System unavailable
• Data altered
• Private data exposed
• Enforced shutdown
• Extended disruption
15. Federal security standards address some IT risks
IT risk: addressed by Federal security controls?
• Misconfiguration: Yes
• Flaw in 3rd party component system: Yes
• Overlooked ancillary functions remain active: Yes
• System restored to unplanned state: Yes
• Lack of operational coordination leaves system in unplanned state: No
• Uncaught data transport error: No
• Inadequate incident response capability: Yes
16. Will Federal security frameworks assimilate all US scientific CI?
Yes:
• Appropriate, probably unavoidable, for some secure research
• Some aspects well suited to both open science and secure research
No:
• Needs common executive management, hence hard to apply across organizations
• Some critical IT risks aren't addressed
TrustedCI is developing alternatives for open science:
• Open Science Cyber Risk Profile
• Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects
17. Lack of operational coordination leaves system in unplanned state
Please hold this thought in mind for a few minutes….
18. A complex case
Trust Frameworks and Federation reduce risk in complex, multi-organizational circumstances
19. BioMedical Science Research Infrastructures
Since 2015, thirteen ESFRI Research Infrastructures from the field of BioMedical Science (BMS RI) joined their scientific capabilities and services to transform the understanding of biological mechanisms and accelerate its translation into medical care.
• biobanking & biomolecular resources
• curated databases
• marine model organisms
• systems biology
• translational research
• functional genomics
• screening & medicinal chemistry
• microorganisms
• clinical trials
• structural biology
• biological/medical imaging
• plant phenotyping
• highly pathogenic microorganisms
Slide credit: Mikael Linden
20. Increasing complexity of scientific CI
• Bigger data & bigger teams need bigger CI
  • Beyond the scale a single organization can achieve on its own
• Not-bigger funding motivates the concentration of CI investments
  • Federating or centralizing HPC centers, cloud
• Size brings complexity
  • Federated user access, federated resources
  • Access management
  • Data, cache, and network management
As scientific CIs integrate more components and organizations, it's harder to manage, debug, and ascertain the state of the entire system
21. Federated user access – a global infrastructure
Faculty, students and staff are connected by global research networks and federation to data sets, intellectual property, specialized instruments and specialized computing.
• 68 countries (March 2019)
• > 16,700 entities (25% InCommon)
• > 10,000,000 users
22. Get collaboration ready
What Identity Providers and academic Service Providers implement:
• Release "Research & Scholarship" attributes
• Basic security for Identity Provider
• Accurate & complete metadata for good user experience
• Standard MFA request/response
• Identity assurance info
What that achieves, tier by tier:
• Enable basic collaboration
• Support high value resources
• Protect collaboration resources
• Reduce risk
Each item in the bottom two tiers is associated with a trust framework, as is the federation itself.
23. InCommon progress on metadata (user experience)
(Chart only on this slide.)
24. InCommon's Baseline Expectations program
Dimensions:
• Security
• Privacy
• Transparency/Accountability
• User Experience
The Participation Agreement requires everyone to adhere to Baseline Expectations.
Processes:
• Community Consensus
• Community Dispute Resolution
Mostly, it consists of tons of communication and help.
25. Baseline Roadmap (under development)
Timeline: 1Q18 through 4Q21, with the following milestones in sequence:
• Create BE processes, redo contracts, metadata quality
• errorURL
• SIRTFI for all entities
• R&S and REFEDS MFA for academic OS IdPs
• IdPs must use collaboration-ready software/services
26. Research & Scholarship attribute release
• Name, email, affiliation, persistent identifier
• Common need for "research and scholarship" services
• Those service providers are "tagged" by their national federation operators as "R&S"
• Identity Providers automatically release the R&S attributes to R&S-tagged services
• Such Identity Providers are also tagged as "R&S" so that services can elect to require R&S attributes in order to provide service
• The R&S program contributes to good privacy practice under the European General Data Protection Regulation (GDPR)
27. SIRTFI – security incident response trust framework for federated identity
• Be willing to collaborate in responding to a federated security incident.
• Apply basic operational security protections to your federated entities in line with your organization's priorities.
• Self-assert the SIRTFI "tag" so that others will know to trust this about you.
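Both R&S (slide 26) and SIRTFI (slide 27) work the same way mechanically: the federation operator or the entity itself places a tag in the entity's SAML metadata, and other parties key their behaviour off that tag. The following is an added example, not code from the talk, from Globus or from InCommon. It parses a constructed metadata aggregate, reads the R&S entity category (`http://macedir.org/entity-category`) and the SIRTFI assurance certification (`urn:oasis:names:tc:SAML:attribute:assurance-certification`), and applies an IdP-side release rule: the R&S bundle goes to R&S-tagged SPs and nothing goes to anyone else under this rule. The entityIDs, the user record and the exact attribute names in `RS_BUNDLE` are assumptions for illustration.

```python
"""Entity-category-driven attribute release (added example, not Globus/InCommon code).

An IdP consumes signed federation metadata in which SPs carry entity
categories (R&S) and assurance certifications (SIRTFI). Release policy keys
off those tags instead of hand-written per-SP rules. The metadata, user
record and entityIDs below are constructed for this example.
"""
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
ASSURANCE_CERTIFICATION = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
RS_CATEGORY = "http://refeds.org/category/research-and-scholarship"
SIRTFI = "https://refeds.org/sirtfi"

# Attribute bundle R&S asks IdPs to release: name, email, affiliation and a
# persistent identifier (attribute names assumed here; see the REFEDS R&S spec).
RS_BUNDLE = ("eduPersonPrincipalName", "mail", "displayName",
             "eduPersonScopedAffiliation", "eduPersonTargetedID")

# Constructed metadata: one SP tagged R&S + SIRTFI, one SP with no tags.
METADATA = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:Extensions>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="http://macedir.org/entity-category"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"
            NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
          <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://untagged.example.net/sp">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def entity_tags(metadata_xml):
    """Map entityID -> {attribute name -> set of values} from mdattr:EntityAttributes.

    Assumes the aggregate's XML signature was already verified by the metadata
    consumer; tags read from unsigned metadata must not drive release decisions.
    """
    root = ET.fromstring(metadata_xml)
    tags = {}
    for ed in root.iterfind("md:EntityDescriptor", NS):
        per_entity = {}
        path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
        for attr in ed.iterfind(path, NS):
            values = {v.text.strip() for v in attr.iterfind("saml:AttributeValue", NS) if v.text}
            per_entity.setdefault(attr.get("Name"), set()).update(values)
        tags[ed.get("entityID")] = per_entity
    return tags


def is_rs(entity_attrs):
    return RS_CATEGORY in entity_attrs.get(ENTITY_CATEGORY, set())


def is_sirtfi(entity_attrs):
    return SIRTFI in entity_attrs.get(ASSURANCE_CERTIFICATION, set())


def attributes_to_release(entity_id, tags, user):
    """IdP release rule: the R&S bundle to R&S-tagged SPs, nothing otherwise.

    Default-deny: an SP absent from metadata, or present without the tag,
    gets no attributes from this rule (a site would layer SP-specific rules).
    """
    entity_attrs = tags.get(entity_id, {})
    if not is_rs(entity_attrs):
        return {}
    return {name: user[name] for name in RS_BUNDLE if name in user}


# Constructed user record at the IdP.
USER = {
    "eduPersonPrincipalName": "jdoe@example.edu",
    "mail": "jdoe@example.edu",
    "displayName": "Jane Doe",
    "eduPersonScopedAffiliation": "faculty@example.edu",
    "eduPersonTargetedID": "https://idp.example.edu/idp!https://sp.example.org/shibboleth!b3f2c1",
    "employeeNumber": "00012345",   # not in the bundle; must never leak under this rule
}

if __name__ == "__main__":
    tags = entity_tags(METADATA)
    for sp in tags:
        print(sp, "R&S" if is_rs(tags[sp]) else "-", "SIRTFI" if is_sirtfi(tags[sp]) else "-")
        print("  release:", sorted(attributes_to_release(sp, tags, USER)))
```

The SIRTFI check is deliberately separate from the release rule: SIRTFI says nothing about which attributes an SP should get, it tells the IdP's security team whom it can expect to cooperate during an incident, so an IdP would consult `is_sirtfi` from its incident-response tooling, not from its attribute filter.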
28. REFEDS Assurance Framework
Defines a standard means for service providers to receive information about identity assurance practice and to request and receive information about strength of credentials.
Identity assurance:
• Identifiers: ID is unique, personal and traceable; ePPN is unique, personal and traceable
• ID proofing: Low (self-asserted), Medium (eg postal credential delivery), High (eg F2F)
• Attributes: affiliation freshness 1 day; affiliation freshness 1 month
Authentication strength:
• Single-factor authentication (SFA)
• Multi-factor authentication (MFA)
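On the service-provider side the framework becomes a comparison between what the resource needs and what the IdP actually asserted. The following is an added example, not code from the talk or from REFEDS. It uses the RAF value URIs (`https://refeds.org/assurance/...` carried in eduPersonAssurance) and the REFEDS SFA/MFA profile URIs (carried as the assertion's AuthnContextClassRef); the two requirement profiles, the two user assertions and the thresholds are assumptions constructed for illustration.

```python
"""SP-side evaluation of REFEDS Assurance Framework (RAF) and MFA signals.

Added example, not REFEDS or Globus code. An IdP conveys identity assurance as
eduPersonAssurance values and authentication strength as the AuthnContextClassRef
of the assertion; the SP compares both against the resource's requirement.
The requirement profiles and assertion contents below are constructed.
"""

RAF = "https://refeds.org/assurance"
ID_UNIQUE = RAF + "/ID/unique"
EPPN_NO_REASSIGN = RAF + "/ID/eppn-unique-no-reassign"
IAP_PREFIX = RAF + "/IAP/"
ATP_1M = RAF + "/ATP/ePA-1m"
ATP_1D = RAF + "/ATP/ePA-1d"
MFA = "https://refeds.org/profile/mfa"
SFA = "https://refeds.org/profile/sfa"

IAP_RANK = {"low": 1, "medium": 2, "high": 3}   # RAF identity-proofing levels, ordered


def summarize(assurance_values):
    """Reduce eduPersonAssurance values to the facts a policy compares on."""
    vals = set(assurance_values)
    iap_levels = [v[len(IAP_PREFIX):] for v in vals if v.startswith(IAP_PREFIX)]
    return {
        "raf": RAF in vals,                   # IdP asserts it follows the framework at all
        "id_unique": ID_UNIQUE in vals,
        "eppn_stable": EPPN_NO_REASSIGN in vals,
        "iap": max((IAP_RANK.get(lvl, 0) for lvl in iap_levels), default=0),
        "freshness_days": 1 if ATP_1D in vals else (30 if ATP_1M in vals else None),
    }


def check_access(requirement, assurance_values, authn_context):
    """Return (allowed, reasons). Every unmet requirement is reported, not just the first."""
    s = summarize(assurance_values)
    reasons = []
    if not s["raf"]:
        reasons.append("IdP does not assert the REFEDS Assurance Framework")
    if requirement.get("id_unique") and not s["id_unique"]:
        reasons.append("identifier not asserted unique/personal/traceable")
    if requirement.get("eppn_stable") and not s["eppn_stable"]:
        reasons.append("ePPN may be reassigned")
    wanted = requirement.get("iap", "low")
    if s["iap"] < IAP_RANK[wanted]:
        reasons.append(f"ID proofing below {wanted}")
    max_days = requirement.get("freshness_days")
    if max_days is not None and (s["freshness_days"] is None or s["freshness_days"] > max_days):
        reasons.append(f"affiliation freshness not within {max_days} days")
    # Requesting MFA is not the same as getting it: check the context the IdP
    # actually returned, by exact match, instead of trusting that the request was honoured.
    if requirement.get("mfa") and authn_context != MFA:
        reasons.append("MFA not asserted in AuthnContextClassRef")
    return (not reasons, reasons)


# Assumed requirement for a high-value resource (the "support high value resources" tier).
HIGH_VALUE = {"id_unique": True, "iap": "medium", "freshness_days": 30, "mfa": True}
# Assumed requirement for an open-science portal: just know who the user is.
OPEN_PORTAL = {"id_unique": True, "iap": "low"}

# Constructed assertion contents for two users.
CAMPUS_USER = [RAF, ID_UNIQUE, EPPN_NO_REASSIGN, IAP_PREFIX + "low", IAP_PREFIX + "medium", ATP_1M]
GUEST_USER = [RAF, ID_UNIQUE, IAP_PREFIX + "low"]

if __name__ == "__main__":
    for name, values, ctx in [("campus", CAMPUS_USER, MFA), ("guest", GUEST_USER, SFA)]:
        for label, req in [("high-value", HIGH_VALUE), ("open-portal", OPEN_PORTAL)]:
            ok, why = check_access(req, values, ctx)
            print(f"{name:6} -> {label:11}: {'allow' if ok else 'deny'} {why}")
```

Two design points matter in practice. First, the absence of the bare `https://refeds.org/assurance` value means the IdP is not making RAF claims at all, so any other value it sends should not be read as a framework claim. Second, the MFA decision is made on the returned AuthnContextClassRef, not on the fact that the SP sent a RequestedAuthnContext; an IdP that cannot do MFA may still return an assertion with a different context, and that must be treated as single-factor.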
29. Review of the complex case & trust frameworks
A trust framework is:
• A standard of behavior that applies to participants and/or components in large, complex, even global systems
• Developed in response to identified needs of research and scholarly activities
We trust that trust framework adopters reasonably observe the standard of behavior because of our shared mission in Research & Education.
Federations and other organizations enable and monitor trust framework participation and may operate processes to verify or compel adoption.
30. Lack of operational coordination leaves system in unplanned state
Systems that integrate components across many organizations can use trust frameworks to reduce the risk posed by the intrinsic inability to coordinate operationally.
31. Reducing risk to scientific CI
Some services and programs you can take advantage of. Some things you might think about doing.
32. ResearchSOC
ResearchSOC helps make scientific computing resilient to cyberattacks and capable of supporting trustworthy, productive research.
• NSF funded center
  • Indiana University, Duke University, Pittsburgh Supercomputing Center, University of California San Diego
• Security Operations Center
• Vulnerability scanning and threat intelligence sharing
• Training information security professionals to address challenges of securing research
33. TrustedCI and Internet2
• Direct engagements or partnerships to review or solve problems
  • Security programs for NSF funded activities
  • Facility/Site Identity & Access Management
  • Federated user access
  • Cloud use
• Campus Champions / CaRCC
• Science Gateways Community Institute
• Hope to translate experience with user federation into the resource federation space
34. Globus Connect/High Assurance
• Enhanced Connect Server/Personal to meet the security needs of protected environments for secure research
  • Only authorized identities
  • Audit trails
  • Session timeouts
  • More…
• Enhanced Transfer & Auth services backend in AWS
• Meets Federal/NIST security standards
• Suited to HIPAA and other sensitive research data
35. You – campus research computing staff
• Add federated user access tooling to your environment
  • CILogon, Globus Auth, COmanage, Grouper, others
• Help your CISO become your partner
  • Support Federal security standards for high risk projects, sensible security for low (eg, Open Science Cyber Risk Profile)
• Stay abreast of prototype resource federation efforts
• Help TrustedCI/Internet2 understand your researchers' problems and give guidance on good solutions
36. You – platform & gateway developers
• Use federated user access tooling
  • Deep water, don't roll your own user management!!
• Help your information security people to help you
  • Bake sensible security into your dev and operational processes
  • Provide sensible security functionality to deployers
• Your platforms are sometimes implemented in very exposed Science DMZs – focus on securing system integrity, and make it hard for bad guys to re-purpose them as weapons
37. You – PIs
• Involve research computing staff as early as possible in the grant formulation process to optimize the proposed data processing workflow
• If sensitive research data is involved, early engagement will minimize hurdles & hoops and ensure a satisfactory proposed data security plan
• Demand sensible security – let the IT and security powers that be know that it matters and that you need them for it