Scuola Grid - Martina Franca, Thursday 08 November 2007 - 1 Incident Response Guide Alfredo Pagano INFN – CNAF on.

Slides:

Advertisements

Similar presentations

Last update 01/06/ :23 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD Site Registration policy & procedures

Advertisements

RBA Securitisation System Technical Delivery Forum Thursday, 29 January 2015 RBA Securitisation System.

WELCOME MANAGING ATTENDANCE GOVERNOR / PRINCIPAL TRAINING MARCH 2012.

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

Business Continuity Check List PageOne. - Why Does Your Business Need A Continuity Checklist? Should the unexpected occur, your business will be able.

Problem Management SDG teamIT Problem Management Process 2009 Client Services Authors: M. Begley & R. Crompton, Client Services.

Incident Response Updated 03/20/2015

A Task for NRENs: Application Support and Services UbuntuNet-Connect 2008, Lilongwe, Malawi 11th November 2008 Gerti Foest, DFN-Verein.

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

INFSO-RI Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes

Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:

HQ Expectations of DOE Site IRBs Reporting Unanticipated Problems and Review/Approval of Projects that Use Personally Identifiable Information Libby White.

Intern 2 Learn Program Overview. Intern 2 Learn What is Intern 2 Learn ? Intern 2 Learn is an undergraduate, student employment program designed to: Provide.

EARTO – working group on quality issues – 2 nd session Anneli Karttunen, Quality Manager VTT Technical Research Centre of Finland This presentation.

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.

GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager

1 LHC-OPN 2008, Madrid, th March. Bruno Hoeft, Aurelie Reymund GridKa – DE-KIT procedurs Bruno Hoeft LHC-OPN Meeting 10. –

Wholesale Market Rule Monitoring and Enforcement by the Public Utility Commission of Texas Danielle Jaussaud PUCT Wholesale Market Oversight March 23,

The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.

EGEE is a project funded by the European Union under contract IST EGEE NA3 Third parties roles and responsibilities Christos Aposkitis GRNET.

LCG/EGEE Security Operations HEPiX, Fall 2004 BNL, 22 October 2004 David Kelsey CCLRC/RAL, UK

15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,

MODULE 3 Composition & Roles. TAT TEAM APPROACH UPON COMPLETION OF THIS MODULE, PARTICIPANTS SHOULD UNDERSTAND: 3 – 2  Composition of the Threat Assessment.

Selecting Evidence Based Practices Oregon’s initial attempts to derive a process Implementation Conversations 11/10.

Grid Security Vulnerability Group Linda Cornwall, GDB, CERN 7 th September 2005

Enabling Grids for E-sciencE Carlos Fuentes IRIS-CERT, RedIRIS SWE Security Officer Handling Security Incidents.

Super User Forum 11 th July eWIN Super User Forum 11 th July 2011.

Compliance Monitoring and Enforcement Audit Program - The Audit Process.

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

ITPD ISSUE MANAGEMENT PROCESS SEPTEMBER 5, 2008

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks ROC Security Contacts R. Rumler Lyon/Villeurbanne.

Security Vulnerability Identification and Reduction Linda Cornwal, JRA1, Brno 20 th June 2005

Article 28(2) USD Introduction. The Problem Fraud and Misuse scale Evolving risks Impact on end users –Direct financial impact –Direct inconvenience Indirect.

EGI-InSPIRE RI EGI EGI-InSPIRE RI Service Operations Security Policy the new generalised site operations security policy.

ROLE OF NURSE AIDE IN RESTORATION CARE. ROLE OF THE NURSE AIDE Use a restorative approach in the care of all residents, with a focus on independence and.

User Training Renewed focus on the issue of user safety and training Recent instances have highlighted the need for Users to have job specific safety training.

Last update 22/02/ :54 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD VO Registration procedure Presented by.

 Secure resident safety  Assess the resident, provide medical and/or psychosocial treatment as necessary  Examine the resident’s injury and/or psychosocial.

EGEE ARM-2 – 5 Oct LCG/EGEE Security Coordination Ian Neilson Grid Deployment Group CERN.

Planning for LCG Emergencies HEPiX, Fall 2005 SLAC, 13 October 2005 David Kelsey CCLRC/RAL, UK

26/01/2007Riccardo Brunetti OSCT Meeting1 Security at The IT-ROC Status and Plans.

INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Best Practices and Use cases David Bouvet,

Training for organisations participating in Peer Review of Paediatric Diabetes.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security aspects (based on Romain Wartel’s.

Friday 1 st December 2006 Careers & Employment Workshop Group B: Policy.

Tools of the Trade: Edition No. 2 (July 2011) Implementing the Near-Miss Program.

Scuola Grid - Martina Franca, Thursday 08 November Il Sistema di Supporto INFNGrid & GGUS ( Global Grid User.

13 TH MEETING OF THE GBIF PARTICIPANT NODE MANAGERS COMMITTEE – 6 OCTOBER 2015 Review of regional collaboration Olaf Bánki.

Not Tested and Void Codes. Topics Introduction/Purpose User Roles When to Use Not Tested Codes How to Use Not Tested Codes When to Use Void Codes Multiple.

Il Sistema di Supporto INFNGrid & GGUS (Global Grid User Support )

Polices, procedures & protocols

David Kelsey CCLRC/RAL, UK

CIC-on-Duty activity report

Ian Bird GDB Meeting CERN 9 September 2003

MANAGEMENT OF PROTOCOL AND GCP DEVIATIONS AND VIOLATIONS

Global 8D Problem Solving

Report on SLA progress Ioannis Liabotis <ilaboti at grnet.gr>

LCG Operations Centres

Description of Revision

Coordinated Assessment System (CAS): Update

Red Flags Rule An Introduction County College of Morris

Thankyou … for offering to assist as an ACBM Committee Member.

Neopay Practical Guides #2 PSD2 (Should I be worried?)

HQ Expectations of DOE Site IRBs

ISSUE MANAGEMENT PROCESS MONTH DAY, YEAR

Presentation transcript:

Scuola Grid - Martina Franca, Thursday 08 November Incident Response Guide Alfredo Pagano INFN – CNAF on behalf of CMT and Italian ROC

Scuola Grid - Martina Franca, Thursday 08 November Operational Security Coordination Team LCG/EGEE Incident Response Procedure Document: esponse_Procedure.pdf Security

Scuola Grid - Martina Franca, Thursday 08 November Introduction This procedure is provided for guidance only and is aimed at minimising the impact of security incidents, by encouraging post-mortem analysis and promoting cooperation between the sites. It is based on the EGEE Incident Response policy. –Have a look to:  onse_Guide.pdf

Scuola Grid - Martina Franca, Thursday 08 November Definition A security incident is the act of violating an explicit or implied security policy (ex: local security policy, EGEE Acceptable Use Policy) EGEE Acceptable Use Policy: –

Scuola Grid - Martina Franca, Thursday 08 November Incident response prodecure When a security incident is suspected, the following procedure should be used: 1. Contact immediately your local security team and your ROC Security Contact. 2. In case no support is shortly available, whenever feasible and if you are sufficiently familiar with the host/service to take responsibility for this action, try to contain the incident, for instance by unplugging the network cable connected to the host. Do NOT reboot or power off the host. 3. Assist your local security team and your ROC Security Contact to confirm and then announce the incident to all the sites via 4. If appropriate: report a downtime for the affected hosts on the GOCDB send an EGEE broadcast announcing the downtime for the affected hosts Use "Security operations in progress" as the reason with no additional detail both for the broadcast and the GOCDB.

Scuola Grid - Martina Franca, Thursday 08 November Incident response prodecure 5. Perform appropriate forensics and take necessary corrective actions If needed, seek for help from your local security team or from your ROC Security Contact or from If relevant, send additional reports containing suspicious patterns, files or evidence that may be of use to other Grid participants to project-egeesecurity- NEVER send potentially sensitive information (ex: hosts, IP addresses, usernames) without clearance from your local security team and/or your ROC Security Contact. 6. Coordinate with your local security team and your ROC Security Contact to send an incident closure report within 1 month following the incident, to all the sites via project- including lessons learnt and resolution. 7- Restore the service, and if needed, send an EGEE broadcast, update the GOCDB, service documentation and procedures to prevent recurrence as necessary.