SlideShare a Scribd company logo

Security Open Science Grid Doug Olson

Download as PPT, PDF
Information Security Awareness Group
Information Security Awareness Group

Security Open Science Grid Doug Olson

TechnologyBusiness
1 of 19
Open Science Grid Security Activities D. Olson, LBNL OSG Deputy Security Officer For the OSG Security Team: M. Altunay, FNAL, OSG Security Officer, D.O., R. Cowles SLAC (past member), J. Basney NCSA (new member), Ron Cudzwicz FNAL, Rob Quick IU/GOC, Alain Roy U.Wisc./VDT ISGC2008 Taipei 9-11 April 2008
Abstract The status and directions of the security activities of the Open Science Grid. The high-level goal is to provide a security framework that enables science and promotes autonomous and open science collaboration among VOs, sites, and software providers. Keeping the balance between openness, which is necessary for the science, and the security is at the core of our work. We address these goals by providing: operational security, interoperability with other grids, and education. The operational security processes are modeled on the NIST 800-53 guidelines for security controls for information systems and includes appropriate communications channels for vulnerability awareness and incident response. Interoperability work spans the range from international policy development (JSPG, IGTF) to inter-grid information services to middleware development coordination (MWSG). Using the concept of Integrated Security Management where every person has responsibilities for security, we have started developing awareness materials and providing rolebased training on security practices and features to grid participants. 9 April 2008 Olson, OSG Security, ISGC2008 2
Contents • • • • • • • Goals Methodology Operations Interoperability Education Development and Directions Conclusion 9 April 2008 Olson, OSG Security, ISGC2008 3
Goals • The high-level goal is to provide a security framework that enables science and promotes autonomous and open science collaboration among VOs, sites, and software providers. • Availability - Keeping the balance between openness, which is necessary for the science, and the security is at the core of our work. • Integrity – of resources, VOs, middleware quality • Confidentiality – sufficient to meet the community requirements • Fine print – – – data integrity is a data owner issue and VOs own application data Confidentiality between VOs depends on sites’ policies and practices and no extraordinary requirements have been expressed 9 April 2008 Olson, OSG Security, ISGC2008 4
Methodology • NIST 800-53 process – used by government laboratories – No apparent standards for U.S. universities • Integrated Security Management – Security is part of everyone’s responsibilities • Security processes integrated with Operations 9 April 2008 Olson, OSG Security, ISGC2008 5
Modeled on NIST IT security process, adapted to meet OSG requirements. NIST 800-53 9 April 2008 Olson, OSG Security, ISGC2008 Slide from Irwin Gaines 6
Security Plan • Outline of security plan 1 OVERVIEW 2 CONTROLS 2.1 Risk Assessment and Management 2.2 Overview of OSG Security Control Clusters 2.3 Management Controls 2.3.1 Integrated Computer Security Management 2.3.2 Security Processes 2.3.3 Trust relationships 2.4 Operational Controls 2.4.1 Security Training and Awareness 2.4.2 Incident Response 2.4.3 Data Integrity 2.4.4 Configuration Management 2.4.5 Vulnerability Management 2.4.6 Physical Access Control and Site Management for Production Services. 2.5 Technical Controls 2.5.1 Monitoring 2.5.2 Access Control for Core OSG Administrators/Users 2.5.3 Scanning 3 References • • Includes 50 specific controls We have started a second pass of NIST800-53 loop – First pass included only OSG core – Second pass will include OSG participants (resource providers and VOs) 9 April 2008 Olson, OSG Security, ISGC2008 7
ISM = Owners’ Responsible • OSG core service - Owner – Software (VDT) – Alain R. – Web presence, email lists – Marcia T. – GOC services – Rob Q. • reg. db, tickets, VOMS, monitoring, … – Integration Test Bed – Rob G. – Accounting collector (Gratia) – Phillipe C. – Engagement – John M. – Security processes – Mine A. – RA – Doug O. 9 April 2008 Olson, OSG Security, ISGC2008 8
Security Operations • Security notices and incidents: – – GOC receives notice at security address, filters spam and notifies security officer. Analysis by security team, possible patch preparation by software team, and decision by security officer • – • • • Example process: Critical Update Software and Operations coordinators are part of security team GOC sends notice to affected participants. GOC registration collects security contact info Security team plans “fire drills” run by GOC to test aspects of security infrastructure & response Inter-grid – OSG security officer in direct contact with EGEE and TeraGrid security officers 9 April 2008 Olson, OSG Security, ISGC2008 9
Additional Activities of the Security Team • Vulnerability analysis of software stack • Audit of VOs and sites – Starting with accuracy of security contacts • Starting to monitor accounting data for irregular activities (using splunk) • Working with CEDPS (Tierney et al.) on log collection for analysis/incident response • OSG Registration Authority with DOEGrids CA (several thousand valid certificates) – Participated in CA audit for EUGridPMA • Policies (lots of work) 9 April 2008 Olson, OSG Security, ISGC2008 10
Identity vetting in OSG RA • Most Certificate Authorities use a “simple” identity vetting model, face-to-face presentation of photo ID to a registration agent. • OSG RA uses a distributed “sponsorship model” where each registration agent develops list of known Sponsors who can vouch for the identity of a subscriber (person requesting a certificate). – Communications via signed email or telephone. – Enables widely distributed RA network with normally a rapid processing time for requests. • Discussed this model with EUGridPMA in January with aim to clarify understanding and include in Classic CA accreditation profile. • Several other CA operators are interested in this model. 9 April 2008 Olson, OSG Security, ISGC2008 11
Metrics • Timeliness of software patches – Goal is 95% of vulnerabilities have patch released within 1 week – Performance in past year • • • • 9 April 2008 12 vulnerabilities 4.5 days average patch release time Longest – 13 days 3 vulnerabilities > 1 week Olson, OSG Security, ISGC2008 12
Example “fire drill” response Measure time to authentication failure following certificate revocation. Shows sites’ CRL update performance. Few sites fail authN initially. Most sites update overnight. 9 April 2008 Olson, OSG Security, ISGC2008 13
Controls Assessment • Controls are assessed by one or more of – Interview – Examination – Test • In fall of 2007 we performed assessment primarily by interview of service owners. – Was a lot of work. • Lessons learned feed into update of security plan in 2008. 9 April 2008 Olson, OSG Security, ISGC2008 14
Interoperability • Inter-grid – Communications between grid security officers – Incident response procedures – Shared PKI trust fabric and authN/authZ credential “standards” • Policies – Participant in Joint Security Policy Group – Participant in IGTF/TAGPMA • Infrastructure – Co-chair of Middleware Security Group (MWSG) – Identify and participate in specific projects • VOMS/GUMS • authZ architecture, FQAN standards • glexec – Reliance on and coordination with external projects • VO Services, VOMS, Condor, Globus, … 9 April 2008 Olson, OSG Security, ISGC2008 15
Education • Awareness training is a key part of the NIST process. – Knowledgeable people are less risky than ignorant people. • NIST control recommendations are: – – – – • Security Awareness and Training Policies and Procedures Security Awareness Security Training Security Training Records OSG Controls – Awareness for Managers • Briefing of the Executive Board – Role-based training (for Users, VO managers, Site Administrators, Management) • • • • Security briefings and discussions at All Hands Meetings Included in Grid School materials Included in Site Administrators meetings Included in Users Meetings – Weekly meetings of security team – Security addresses and mail lists 9 April 2008 Olson, OSG Security, ISGC2008 16
Developments and Directions • Proxy cleanup – don’t leave old proxy credentials laying around • CRL handling – ensure that sites use CRLs since GSI is “fail open” when CRL is missing • Timely CA certificate updates by sites • Ability to enforce or check limited proxy lifetimes • Site user authZ suspension (bar banned DN) • More secure communications for incident handling and analysis 9 April 2008 Olson, OSG Security, ISGC2008 17
Developments and Directions (2) • Uniform FQANs across sites, grids – privileges are not uniformly interpreted or enforced • Encourage federated Id management – would like grid credentials based on home institution or user facility authN • Better (easier) management of 1000’s of host credentials – work in progress • Simpler site security configuration management • Better monitoring to identify & limit security incidents • Advancing policies – still many incomplete and not yet existing policies • Continue “fire drills” and develop more realistic “incidents” 9 April 2008 Olson, OSG Security, ISGC2008 18
Conclusion • NIST model provides helpful guidance • Iterative process is useful and we can look forward to several more iterations • Interoperation/interoperability is challenging for security as in other aspects of grid – Incident response, information sharing, responsiveness of sites – all challenging • The partnerships with EGEE and TeraGrid are very fruitful • Bottom-line goal is to help the science and not hinder it. 9 April 2008 Olson, OSG Security, ISGC2008 19

Recommended

NTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNorth Texas Chapter of the ISSA
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...North Texas Chapter of the ISSA
 
Using an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseUsing an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseEnclaveSecurity
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyEnclaveSecurity
 
Power System Cybersecurity: Threats, Challenges, and Barriers
Power System Cybersecurity: Threats, Challenges, and Barriers Power System Cybersecurity: Threats, Challenges, and Barriers
Power System Cybersecurity: Threats, Challenges, and Barriers Nathan Wallace, PhD, PE
 
2008: Web Application Security Tutorial
2008: Web Application Security Tutorial2008: Web Application Security Tutorial
2008: Web Application Security TutorialNeil Matatall
 
A New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsA New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsPECB
 

Recommended

NTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNTXISSACSC2 - Software Assurance (SwA) by John Whited
NTXISSACSC2 - Software Assurance (SwA) by John WhitedNorth Texas Chapter of the ISSA
 
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...
PECB Webinar: ICS Security Management System using ISO 27001 Standard as the ...PECB
 
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...
NTXISSACSC2 - Advanced Persistent Threat (APT) Life Cycle Management Monty Mc...North Texas Chapter of the ISSA
 
Using an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseUsing an Open Source Threat Model for Prioritized Defense
Using an Open Source Threat Model for Prioritized DefenseEnclaveSecurity
 
Utilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyUtilizing the Critical Security Controls to Secure Healthcare Technology
Utilizing the Critical Security Controls to Secure Healthcare TechnologyEnclaveSecurity
 
Power System Cybersecurity: Threats, Challenges, and Barriers
Power System Cybersecurity: Threats, Challenges, and Barriers Power System Cybersecurity: Threats, Challenges, and Barriers
Power System Cybersecurity: Threats, Challenges, and Barriers Nathan Wallace, PhD, PE
 
2008: Web Application Security Tutorial
2008: Web Application Security Tutorial2008: Web Application Security Tutorial
2008: Web Application Security TutorialNeil Matatall
 
A New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsA New Security Management Approach for Agile Environments
A New Security Management Approach for Agile EnvironmentsPECB
 
Recent changes to the 20 critical controls
Recent changes to the 20 critical controlsRecent changes to the 20 critical controls
Recent changes to the 20 critical controlsEnclaveSecurity
 
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...Sarwono Sutikno, Dr.Eng.,CISA,CISSP,CISM,CSX-F
 
NTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
NTXISSACSC2 - Software Security - My Other Marathon by Harold ToomeyNTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
NTXISSACSC2 - Software Security - My Other Marathon by Harold ToomeyNorth Texas Chapter of the ISSA
 
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...North Texas Chapter of the ISSA
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkNathan Wallace, PhD, PE
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controlsEnclaveSecurity
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 
IT Cyber Security Operations
IT Cyber Security OperationsIT Cyber Security Operations
IT Cyber Security OperationsNapier University
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementEnclaveSecurity
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controlsEnclaveSecurity
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextAlgoSec
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Nathan Wallace, PhD, PE
 
SplunkLive! Customer Presentation – UMCP
SplunkLive! Customer Presentation – UMCPSplunkLive! Customer Presentation – UMCP
SplunkLive! Customer Presentation – UMCPSplunk
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityEnclaveSecurity
 
Machine Learning for Threat Detection
Machine Learning for Threat DetectionMachine Learning for Threat Detection
Machine Learning for Threat DetectionNapier University
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToJim Gilsinn
 
Wc4
Wc4Wc4
Wc4Said Wali
 
Conferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic SecurityConferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic SecurityElasticsearch
 
Happiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureHappiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureSuresh Kanniappan
 
GTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech DayGTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech DayZivaro Inc
 
08252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA108252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA1jjdoylecomcast
 

More Related Content

What's hot

Recent changes to the 20 critical controls
Recent changes to the 20 critical controlsRecent changes to the 20 critical controls
Recent changes to the 20 critical controlsEnclaveSecurity
 
NTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
NTXISSACSC2 - Software Security - My Other Marathon by Harold ToomeyNTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
NTXISSACSC2 - Software Security - My Other Marathon by Harold ToomeyNorth Texas Chapter of the ISSA
 
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...North Texas Chapter of the ISSA
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkNathan Wallace, PhD, PE
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controlsEnclaveSecurity
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSFDigital Bond
 
IT Cyber Security Operations
IT Cyber Security OperationsIT Cyber Security Operations
IT Cyber Security OperationsNapier University
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementEnclaveSecurity
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controlsEnclaveSecurity
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextAlgoSec
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Nathan Wallace, PhD, PE
 
SplunkLive! Customer Presentation – UMCP
SplunkLive! Customer Presentation – UMCPSplunkLive! Customer Presentation – UMCP
SplunkLive! Customer Presentation – UMCPSplunk
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityEnclaveSecurity
 
Machine Learning for Threat Detection
Machine Learning for Threat DetectionMachine Learning for Threat Detection
Machine Learning for Threat DetectionNapier University
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToJim Gilsinn
 
Conferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic SecurityConferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic SecurityElasticsearch
 
Happiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureHappiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureSuresh Kanniappan
 

What's hot (20)

Recent changes to the 20 critical controls
Recent changes to the 20 critical controlsRecent changes to the 20 critical controls
Recent changes to the 20 critical controls
 
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
Sarwono sutikno forum tik utk standardisasi keamanan kartu cerdas - 4 nov 2...
 
NTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
NTXISSACSC2 - Software Security - My Other Marathon by Harold ToomeyNTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
NTXISSACSC2 - Software Security - My Other Marathon by Harold Toomey
 
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
NTXISSACSC3 - Beyond ISO 27034 - Intel's Product Security Maturity Model (PSM...
 
IEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel TalkIEEE PES GM 2017 Cybersecurity Panel Talk
IEEE PES GM 2017 Cybersecurity Panel Talk
 
More practical insights on the 20 critical controls
More practical insights on the 20 critical controlsMore practical insights on the 20 critical controls
More practical insights on the 20 critical controls
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
Lessons Learned from the NIST CSF
Lessons Learned from the NIST CSFLessons Learned from the NIST CSF
Lessons Learned from the NIST CSF
 
IT Cyber Security Operations
IT Cyber Security OperationsIT Cyber Security Operations
IT Cyber Security Operations
 
Information Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to MeasurementInformation Assurance Metrics: Practical Steps to Measurement
Information Assurance Metrics: Practical Steps to Measurement
 
Overview of the 20 critical controls
Overview of the 20 critical controlsOverview of the 20 critical controls
Overview of the 20 critical controls
 
Managing risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business contextManaging risk and vulnerabilities in a business context
Managing risk and vulnerabilities in a business context
 
Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges Power System Cybersecurity: Barriers and Challenges
Power System Cybersecurity: Barriers and Challenges
 
SplunkLive! Customer Presentation – UMCP
SplunkLive! Customer Presentation – UMCPSplunkLive! Customer Presentation – UMCP
SplunkLive! Customer Presentation – UMCP
 
Practical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device securityPractical steps for assessing tablet & mobile device security
Practical steps for assessing tablet & mobile device security
 
Machine Learning for Threat Detection
Machine Learning for Threat DetectionMachine Learning for Threat Detection
Machine Learning for Threat Detection
 
ISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How ToISA/IEC 62443: Intro and How To
ISA/IEC 62443: Intro and How To
 
Wc4
Wc4Wc4
Wc4
 
Conferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic SecurityConferencia principal: Evolución y visión de Elastic Security
Conferencia principal: Evolución y visión de Elastic Security
 
Happiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance BrochureHappiest Minds NIST CSF compliance Brochure
Happiest Minds NIST CSF compliance Brochure
 

Similar to Security Open Science Grid Doug Olson

GTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech DayGTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech DayZivaro Inc
 
08252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA108252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA1jjdoylecomcast
 
E gov security_tut_session_12
E gov security_tut_session_12E gov security_tut_session_12
E gov security_tut_session_12Mustafa Jarrar
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteSplunk
 
McElvy Resume 2015
McElvy Resume 2015McElvy Resume 2015
McElvy Resume 2015Debra McElvy
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyCloud Standards Customer Council
 
Splunk at Weill Cornell Medical College
Splunk at Weill Cornell Medical CollegeSplunk at Weill Cornell Medical College
Splunk at Weill Cornell Medical CollegeSplunk
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewShankar Subramaniyan
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Standards Customer Council
 
Openstack security presentation 2013
Openstack security presentation 2013Openstack security presentation 2013
Openstack security presentation 2013brian_chong
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalrkadayam
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...John M. Willis
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCJohn M. Willis
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveAlgoSec
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsKenny Huang Ph.D.
 

Similar to Security Open Science Grid Doug Olson (20)

GTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech DayGTRI Splunk Case Studies - Splunk Tech Day
GTRI Splunk Case Studies - Splunk Tech Day
 
08252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA108252016 John D Resume ITIL PMP CISSP CSM CISA1
08252016 John D Resume ITIL PMP CISSP CSM CISA1
 
E gov security_tut_session_12
E gov security_tut_session_12E gov security_tut_session_12
E gov security_tut_session_12
 
Virtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - DeloitteVirtual Gov Day - Security Breakout - Deloitte
Virtual Gov Day - Security Breakout - Deloitte
 
McElvy Resume 2015
McElvy Resume 2015McElvy Resume 2015
McElvy Resume 2015
 
Latest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and PrivacyLatest Developments in Cloud Security Standards and Privacy
Latest Developments in Cloud Security Standards and Privacy
 
3 Reasons Why the Cloud is More Secure than Your Server
3 Reasons Why the Cloud is More Secure than Your Server3 Reasons Why the Cloud is More Secure than Your Server
3 Reasons Why the Cloud is More Secure than Your Server
 
Splunk at Weill Cornell Medical College
Splunk at Weill Cornell Medical CollegeSplunk at Weill Cornell Medical College
Splunk at Weill Cornell Medical College
 
Open Science Grid security-atlas-t2 Bob Cowles
Open Science Grid security-atlas-t2 Bob CowlesOpen Science Grid security-atlas-t2 Bob Cowles
Open Science Grid security-atlas-t2 Bob Cowles
 
ISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process OverviewISO27001: Implementation & Certification Process Overview
ISO27001: Implementation & Certification Process Overview
 
PCI presentation
PCI presentationPCI presentation
PCI presentation
 
Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0Cloud Security Standards: What to Expect and What to Negotiate V2.0
Cloud Security Standards: What to Expect and What to Negotiate V2.0
 
Openstack security presentation 2013
Openstack security presentation 2013Openstack security presentation 2013
Openstack security presentation 2013
 
Succeeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps finalSucceeding-Marriage-Cybersecurity-DevOps final
Succeeding-Marriage-Cybersecurity-DevOps final
 
01-15a
01-15a01-15a
01-15a
 
Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...Enumerating software security design flaws throughout the ssdlc cosac - 201...
Enumerating software security design flaws throughout the ssdlc cosac - 201...
 
Enumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLCEnumerating software security design flaws throughout the SSDLC
Enumerating software security design flaws throughout the SSDLC
 
The Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the CurveThe Security Policy Management Maturity Model: How to Move Up the Curve
The Security Policy Management Maturity Model: How to Move Up the Curve
 
IoT Security and Privacy Considerations
IoT Security and Privacy ConsiderationsIoT Security and Privacy Considerations
IoT Security and Privacy Considerations
 
Security Analytics Beyond Cyber
Security Analytics Beyond CyberSecurity Analytics Beyond Cyber
Security Analytics Beyond Cyber
 

More from Information Security Awareness Group

Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Information Security Awareness Group
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...Information Security Awareness Group
 
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Information Security Awareness Group
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Information Security Awareness Group
 
Big data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceBig data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceInformation Security Awareness Group
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...Information Security Awareness Group
 
Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Information Security Awareness Group
 
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...Information Security Awareness Group
 
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Information Security Awareness Group
 

More from Information Security Awareness Group (20)

Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Trian...
 
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf... Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
Mobile Device Security by Michael Gong, Jake Kreider, Chris Lugo, Kwame Osaf...
 
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
Mobile Devices – Using Without Losing Mark K. Mellis, Associate Information S...
 
IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,IBM Security Strategy Intelligence,
IBM Security Strategy Intelligence,
 
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
Addressing Big Data Security Challenges: The Right Tools for Smart Protection...
 
Big data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security AllianceBig data analysis concepts and references by Cloud Security Alliance
Big data analysis concepts and references by Cloud Security Alliance
 
Big data analysis concepts and references
Big data analysis concepts and referencesBig data analysis concepts and references
Big data analysis concepts and references
 
PKI by Tim Polk
PKI by Tim PolkPKI by Tim Polk
PKI by Tim Polk
 
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A... Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
Authorization Policy in a PKI Environment Mary Thompson Srilekha Mudumbai A...
 
Pki by Steve Lamb
Pki by Steve LambPki by Steve Lamb
Pki by Steve Lamb
 
PKI by Gene Itkis
PKI by Gene ItkisPKI by Gene Itkis
PKI by Gene Itkis
 
Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...
 
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
OThe Open Science Grid: Concepts and Patterns Ruth Pordes, Mine Altunay, Bria...
 
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
Optimal Security Response to Attacks on Open Science Grids Mine Altunay, Sven...
 
THE OPEN SCIENCE GRID Ruth Pordes
THE OPEN SCIENCE GRID Ruth PordesTHE OPEN SCIENCE GRID Ruth Pordes
THE OPEN SCIENCE GRID Ruth Pordes
 
Open Science Group Security Kevin Hill
Open Science Group Security Kevin HillOpen Science Group Security Kevin Hill
Open Science Group Security Kevin Hill
 
Xrootd proxies Andrew Hanushevsky
Xrootd proxies Andrew HanushevskyXrootd proxies Andrew Hanushevsky
Xrootd proxies Andrew Hanushevsky
 
Privilege Project Vikram Andem
Privilege Project Vikram AndemPrivilege Project Vikram Andem
Privilege Project Vikram Andem
 
DES Block Cipher Hao Qi
DES Block Cipher Hao QiDES Block Cipher Hao Qi
DES Block Cipher Hao Qi
 
Cache based side_channel_attacks Anestis Bechtsoudis
Cache based side_channel_attacks Anestis BechtsoudisCache based side_channel_attacks Anestis Bechtsoudis
Cache based side_channel_attacks Anestis Bechtsoudis
 

Recently uploaded

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 

Recently uploaded (20)

"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 

Security Open Science Grid Doug Olson

  • 1. Open Science Grid Security Activities D. Olson, LBNL OSG Deputy Security Officer For the OSG Security Team: M. Altunay, FNAL, OSG Security Officer, D.O., R. Cowles SLAC (past member), J. Basney NCSA (new member), Ron Cudzwicz FNAL, Rob Quick IU/GOC, Alain Roy U.Wisc./VDT ISGC2008 Taipei 9-11 April 2008
  • 2. Abstract The status and directions of the security activities of the Open Science Grid. The high-level goal is to provide a security framework that enables science and promotes autonomous and open science collaboration among VOs, sites, and software providers. Keeping the balance between openness, which is necessary for the science, and the security is at the core of our work. We address these goals by providing: operational security, interoperability with other grids, and education. The operational security processes are modeled on the NIST 800-53 guidelines for security controls for information systems and includes appropriate communications channels for vulnerability awareness and incident response. Interoperability work spans the range from international policy development (JSPG, IGTF) to inter-grid information services to middleware development coordination (MWSG). Using the concept of Integrated Security Management where every person has responsibilities for security, we have started developing awareness materials and providing rolebased training on security practices and features to grid participants. 9 April 2008 Olson, OSG Security, ISGC2008 2
  • 4. Goals • The high-level goal is to provide a security framework that enables science and promotes autonomous and open science collaboration among VOs, sites, and software providers. • Availability - Keeping the balance between openness, which is necessary for the science, and the security is at the core of our work. • Integrity – of resources, VOs, middleware quality • Confidentiality – sufficient to meet the community requirements • Fine print – – – data integrity is a data owner issue and VOs own application data Confidentiality between VOs depends on sites’ policies and practices and no extraordinary requirements have been expressed 9 April 2008 Olson, OSG Security, ISGC2008 4
  • 5. Methodology • NIST 800-53 process – used by government laboratories – No apparent standards for U.S. universities • Integrated Security Management – Security is part of everyone’s responsibilities • Security processes integrated with Operations 9 April 2008 Olson, OSG Security, ISGC2008 5
  • 6. Modeled on NIST IT security process, adapted to meet OSG requirements. NIST 800-53 9 April 2008 Olson, OSG Security, ISGC2008 Slide from Irwin Gaines 6
  • 7. Security Plan • Outline of security plan 1 OVERVIEW 2 CONTROLS 2.1 Risk Assessment and Management 2.2 Overview of OSG Security Control Clusters 2.3 Management Controls 2.3.1 Integrated Computer Security Management 2.3.2 Security Processes 2.3.3 Trust relationships 2.4 Operational Controls 2.4.1 Security Training and Awareness 2.4.2 Incident Response 2.4.3 Data Integrity 2.4.4 Configuration Management 2.4.5 Vulnerability Management 2.4.6 Physical Access Control and Site Management for Production Services. 2.5 Technical Controls 2.5.1 Monitoring 2.5.2 Access Control for Core OSG Administrators/Users 2.5.3 Scanning 3 References • • Includes 50 specific controls We have started a second pass of NIST800-53 loop – First pass included only OSG core – Second pass will include OSG participants (resource providers and VOs) 9 April 2008 Olson, OSG Security, ISGC2008 7
  • 8. ISM = Owners’ Responsible • OSG core service - Owner – Software (VDT) – Alain R. – Web presence, email lists – Marcia T. – GOC services – Rob Q. • reg. db, tickets, VOMS, monitoring, … – Integration Test Bed – Rob G. – Accounting collector (Gratia) – Phillipe C. – Engagement – John M. – Security processes – Mine A. – RA – Doug O. 9 April 2008 Olson, OSG Security, ISGC2008 8
  • 9. Security Operations • Security notices and incidents: – – GOC receives notice at security address, filters spam and notifies security officer. Analysis by security team, possible patch preparation by software team, and decision by security officer • – • • • Example process: Critical Update Software and Operations coordinators are part of security team GOC sends notice to affected participants. GOC registration collects security contact info Security team plans “fire drills” run by GOC to test aspects of security infrastructure & response Inter-grid – OSG security officer in direct contact with EGEE and TeraGrid security officers 9 April 2008 Olson, OSG Security, ISGC2008 9
  • 10. Additional Activities of the Security Team • Vulnerability analysis of software stack • Audit of VOs and sites – Starting with accuracy of security contacts • Starting to monitor accounting data for irregular activities (using splunk) • Working with CEDPS (Tierney et al.) on log collection for analysis/incident response • OSG Registration Authority with DOEGrids CA (several thousand valid certificates) – Participated in CA audit for EUGridPMA • Policies (lots of work) 9 April 2008 Olson, OSG Security, ISGC2008 10
  • 11. Identity vetting in OSG RA • Most Certificate Authorities use a “simple” identity vetting model, face-to-face presentation of photo ID to a registration agent. • OSG RA uses a distributed “sponsorship model” where each registration agent develops list of known Sponsors who can vouch for the identity of a subscriber (person requesting a certificate). – Communications via signed email or telephone. – Enables widely distributed RA network with normally a rapid processing time for requests. • Discussed this model with EUGridPMA in January with aim to clarify understanding and include in Classic CA accreditation profile. • Several other CA operators are interested in this model. 9 April 2008 Olson, OSG Security, ISGC2008 11
  • 12. Metrics • Timeliness of software patches – Goal is 95% of vulnerabilities have patch released within 1 week – Performance in past year • • • • 9 April 2008 12 vulnerabilities 4.5 days average patch release time Longest – 13 days 3 vulnerabilities > 1 week Olson, OSG Security, ISGC2008 12
  • 13. Example “fire drill” response Measure time to authentication failure following certificate revocation. Shows sites’ CRL update performance. Few sites fail authN initially. Most sites update overnight. 9 April 2008 Olson, OSG Security, ISGC2008 13
  • 14. Controls Assessment • Controls are assessed by one or more of – Interview – Examination – Test • In fall of 2007 we performed assessment primarily by interview of service owners. – Was a lot of work. • Lessons learned feed into update of security plan in 2008. 9 April 2008 Olson, OSG Security, ISGC2008 14
  • 15. Interoperability • Inter-grid – Communications between grid security officers – Incident response procedures – Shared PKI trust fabric and authN/authZ credential “standards” • Policies – Participant in Joint Security Policy Group – Participant in IGTF/TAGPMA • Infrastructure – Co-chair of Middleware Security Group (MWSG) – Identify and participate in specific projects • VOMS/GUMS • authZ architecture, FQAN standards • glexec – Reliance on and coordination with external projects • VO Services, VOMS, Condor, Globus, … 9 April 2008 Olson, OSG Security, ISGC2008 15
  • 16. Education • Awareness training is a key part of the NIST process. – Knowledgeable people are less risky than ignorant people. • NIST control recommendations are: – – – – • Security Awareness and Training Policies and Procedures Security Awareness Security Training Security Training Records OSG Controls – Awareness for Managers • Briefing of the Executive Board – Role-based training (for Users, VO managers, Site Administrators, Management) • • • • Security briefings and discussions at All Hands Meetings Included in Grid School materials Included in Site Administrators meetings Included in Users Meetings – Weekly meetings of security team – Security addresses and mail lists 9 April 2008 Olson, OSG Security, ISGC2008 16
  • 17. Developments and Directions • Proxy cleanup – don’t leave old proxy credentials laying around • CRL handling – ensure that sites use CRLs since GSI is “fail open” when CRL is missing • Timely CA certificate updates by sites • Ability to enforce or check limited proxy lifetimes • Site user authZ suspension (bar banned DN) • More secure communications for incident handling and analysis 9 April 2008 Olson, OSG Security, ISGC2008 17
  • 18. Developments and Directions (2) • Uniform FQANs across sites, grids – privileges are not uniformly interpreted or enforced • Encourage federated Id management – would like grid credentials based on home institution or user facility authN • Better (easier) management of 1000’s of host credentials – work in progress • Simpler site security configuration management • Better monitoring to identify & limit security incidents • Advancing policies – still many incomplete and not yet existing policies • Continue “fire drills” and develop more realistic “incidents” 9 April 2008 Olson, OSG Security, ISGC2008 18
  • 19. Conclusion • NIST model provides helpful guidance • Iterative process is useful and we can look forward to several more iterations • Interoperation/interoperability is challenging for security as in other aspects of grid – Incident response, information sharing, responsiveness of sites – all challenging • The partnerships with EGEE and TeraGrid are very fruitful • Bottom-line goal is to help the science and not hinder it. 9 April 2008 Olson, OSG Security, ISGC2008 19

Editor's Notes

  1. Just for the slide deck, not to read during presentation.