Who doesn’t need to be WISE? Bringing into reality global information security collaboration Alessandra Scicchitano GÉANT - Project Development Officer.

Slides:

Advertisements

Similar presentations

USG INFORMATION SECURITY PROGRAM AUDIT: ACHIEVING SUCCESSFUL AUDIT OUTCOMES Cara King Senior IT Auditor, OIAC.

Advertisements

Using training packages to meet client needs Facilitator: Gerard Kell.

(The Global Programme of Research On Climate Change Vulnerability, Impacts and Adaptation) Adaptation Knowledge Day V: Climate Change Adaptation Gaps BONN,

High level expert meeting to develop the Near East Regional Action Plan to Implement the Global Strategy to improve Agricultural and Rural Statistics.

Due Process – ISSAIs and INTOSAI GOVs Roberto José Domínguez Moro Superior Audit Office of Mexico INTOSAI Working Group on Public Debt October, 2009.

Updated e-IRG recommendations Motivation and status.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

IEEE S2ESC Report1 Software And Systems Engineering Standards Committee (S2ESC) Paul R. Croll S2ESC Sponsor Chair June 2004 Report.

Global Action Plan and its implementation in other regions Meeting for Discussion of the draft Plan for the Implementation of the Global Strategy to Improve.

IPC Global Strategic Programme ( ) IPC Global Partners: IPC REGIONAL Strategic Programme IPC Regional Steering Committee Meeting – March.

Nova Scotia Falls Prevention Update Preventing Falls Together Conference October 29, 2009 Suzanne Baker.

INTOSAI Public Debt Working Group Updating of the Strategic Plan Richard Domingue Office of the Auditor General of Canada June 14, 2010.

BOTSWANA NATIONAL CYBER SECURITY STRATEGY PROJECT

Improving services for people with low vision: an evaluation of the work of the Low Vision Services Committees Andrew Gibson, Research Fellow, Institute.

SAON is a process to support and strengthen the development of multinational engagement for sustained and coordinated pan-Arctic observing and data sharing.

Office of the Federal Coordinator for Meteorology OFCM Opening Remarks and WG/WIST Activities Update Paul Pisano Mike Campbell WG/WIST Cochairs June 6,

InWEnt | Qualified to shape the future1 Internet based Human Resource Development Management Platform Human Resource Development Programme in Natural Disaster.

Results of the Thematic Monitoring Group 2 Development of Skills within Companies, particularly SME’s.

IFAP Special Event: Information and Knowledge for All, Emerging Trends and Challenges Information Preservation 4000 Years of Traditions Challenged by Digital.

Environmental Management System Definitions

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

Networks ∙ Services ∙ People Alessandra Scicchitano TF-CSIRT meeting – Tallinn, Estonia SIG-ISM Update 24 th September 2015 SIG-ISM Secretary.

SARS and Information Policy: Emerging Roles for Information Practitioners Information Flow ·IPs could help in developing information policy because they.

Comité de deuda pública Public Debt Committee Strategic Plan Presented by Richard Domingue Office of the Auditor General of Canada.

National Center for Supercomputing Applications Barbara S. Minsker, Ph.D. Associate Professor National Center for Supercomputing Applications and Department.

Working Group on Public Debt Progress Report 7th Meeting of the Steering Committee of the INTOSAI Committee on the Knowledge Sharing and Knowledge Services.

ST-09-01: Catalyzing Research and Development (R&D) Funding for GEOSS Florence Béroud, EC Jérome Bequignon, ESA Kathy Fontaine, US ST Kick-off Meeting.

1 CAI-Asia China Project CAI-Asia China Project Inception Workshop October, 2005 Beijing PRC.

UK Environmental Observation Framework.

ESIP Vision: “Achieve a sustainable world” by Serving as facilitator and advisor for the Earth science information community Promoting efficient flow of.

Working Group on the Value and Benefits Chair´s Report 7th Meeting of the Steering Committee of the INTOSAI Committee on the Knowledge Sharing and Knowledge.

Due Process – ISSAIs and INTOSAI GOVs Roberto José Domínguez Moro Superior Audit Office of Mexico INTOSAI Working Group on Public Debt October, 2009.

A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.

A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) WLCG GDB, CERN 10 Jul 2013.

Authentication and Authorisation for Research and Collaboration AARC Plenary, Milano Melanie Imming, LIBER Authentication and Authorisation for Research.

WORKING GROUP ON FOREST FIRES IN THE MEDITERRANEAN REGION Enlarged Executive Committee SILVA MEDITERRANEA Hammamet, Tunisia, 3-4 December 2013.

Introduction to ITIL and ITIS. CONFIDENTIAL Agenda ITIL Introduction  What is ITIL?  ITIL History  ITIL Phases  ITIL Certification Introduction to.

Networks ∙ Services ∙ People Valentino Cavalli General Assembly Meeting GÉANT Community Programme Luxembourg, November 2015.

The 7th Framework Programme for Research: Strategy of international cooperation activities Robert Burmanjer Head of Unit, “International Scientific Cooperation.

Networks ∙ Services ∙ People GÉANT Community Innovation Programme DISCUSSION 14th October 2015 GÉANT General Assembly.

+ Welcome to PAHO/WHO Sustainable Development and Health Toolkit for the UN Global Conference RIO + 20 Welcome to PAHO/WHO Sustainable Development and.

Authentication and Authorisation for Research and Collaboration Licia Florio AARC CORBEL Workshop The AARC Project Paris, 31 May.

COST Action and European GBIF Nodes Anne-Sophie Archambeau.

PRACE security Jules Wolfrat, SURFsara, The Netherlands April 25, 2013, EGI CSIRT meeting, Linköping, Sweden 10 May Montpellier.

Making the future happen Some remarks from the perspective of the Reykjavik-Group Chair full report:

Primary Steps for Achieving ISO Certification.

SCI & Sirtfi David Kelsey (STFC-RAL) EGI Conference, Lisbon 19 May 2015.

WISE Information Security for Collaborating E-Infrastructures

Mastering the Art of Collaboration for WISEr Global Security

Security Management Geant SIG-SIM – Alf Moens

WISE 2016 WISE: a global trust community where security experts share information and work together, creating collaboration among different e- infrastructures.

David Kelsey STFC-RAL 4th WISE workshop, Nikhef 27 March 2017

WISE WG STAA Awareness and Training

WISE people take action on security – Discussion

WISE 2017 Collaborating Communities

Dublin, february th SIG ISM Workshop.

David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016

Wrap-up & discussion EOSC Governance Development Forum workshop:

Hannah Short CERN, Computer Security

Where is Your Organization on the Accessibility Maturity Scale

Be WISE! Bringing into reality global information security collaboration Alessandra Scicchitano GÉANT - Project Development Officer.

Projects under DTP Thematic Pole 2 TP2 (Framework Support for RDI)

David Kelsey (STFC-RAL)

WORKING GROUP ON FOREST FIRES IN THE MEDITERRANEAN REGION

WISE Information Security for collaborating e-Infrastructures David Kelsey (STFC-RAL, UK Research and Innovation) ISGC2019, Taipei, 2 April 2019 In collaboration.

Fiscal policy program Presented by Cindy Draper, Fiscal Policy Officer – Training Days 2018 Introduce myself This session is to provide an overview of.

EOSC-hub Contribution to the EOSC WGs

WISE, SCI & policy templates David Kelsey (STFC-RAL, UK Research and Innovation) FIM4R & TIIME, Vienna, 11 February 2019.

Presentation transcript:

Who doesn’t need to be WISE? Bringing into reality global information security collaboration Alessandra Scicchitano GÉANT - Project Development Officer

WISE – what is it? Wise Information Security for Collaborating E-infrastructure A trusted global framework where security experts can share information on different topics like risk management, experiences about certification process and threat intelligence keeping a special focus on e-infrastructures.

How everything started Joint effort of GEANT SIG-ISM (Special Interest Group on Information Security Management) and SCI (Security for Collaboration among Infrastructures)GEANT SIG-ISM SCI Workshop in Barcelona Spain, October Workshop 50 participants

How everything started Main idea: 4 big e-infrastructures EGI, EUDAT, GEANT and PRACE getting together to facilitate the exchange of experience and knowledge on security. But also NRENs, XSEDE, NCSA, CTSC and communities like HEP/CERN, HBP and many others participated. A profound need for a real collaboration became evident

WISE – The new born community WISE Workshop – Barcelona Supercomputing Center – October 2015

Activities Led by a Steering Committee Two face-to-face meetings a year The main work happens through working groups. Five WGs: Updating the SCI framework (SCIV2-WG) Security Training and Awareness (STAA-WG) Security Review and Audit (SRA-WG) Risk Assessment WISE (RAW-WG) Security in Big and Open Data (SBOD-WG)

SCIV2-WG Updating the SCI framework: Already existing framework created by the SCI group 1.pdf 1.pdf SCIV2-WG will work towards version 2 of the SCI document that will become the 1 st WISE framework defining best practices, trust and policy standards for collaboration. A wider range of stakeholders will be involved, specifically the NRENs, whose security issues were not present in the first version.

SCIv2-WG The WG has just defined the direction of the work and chose the first topic the group will focus on: How to share vulnerabilities among e-infrastructures

STAA-WG Security Training and Awareness: Training is wanted and needed for security professionals, systems and network managers and engineers, users of the infrastructures and for decision makers, for a wide range of topics. Main activities of the WG: Collecting good training practices Collecting information about relevant existing trainings at the infrastructures Set up a basic training and awareness program for organizations in the WISE community, identifying which trainings are needed

STAA-WG The WG Security Traijning and Awareness will first do an inventory: What are the target groups for security awareness? What materials are already available and what pratices can NRENs share? What are the most important subject for security training? Which free/open training or trainings materials are available? Which commercual rainings are available? The purpose is to identify the training needs and make a first match with available training material.

RAW-WG Risk assessment WISE: Large e-infrastructures are vulnerable for high impact security incidents because of the relative easy way that an incident may spread among partner organizations because of the collaborative services that exist among the constituent organizations. So it is important that each member organization has a trusted level of implemented security procedures. The objective of the WG is to provide e-infrastructures and their member organizations with guidelines on how Risk Assessments can be effectively implemented.

SRA-WG Security Review and Audit: A proven method to obtain objective and comprehensive information about the current state of information security is to perform security reviews and security audits Some of the activities of the WG: Follow and contribute to the development of security audits and reviews among the constituents Share related best practices for implementations Contribute to development of security standards and frameworks

SBOD-WG Security in Big and Open Data: The WG focuses on security issues that arise when dealing with Big and Open data especially within the e-infrastructures. Main activities of the WG: list and discuss already existing studies and state of the art the starting point for the rest of the work. work on a list of issues particularly important for e-infrastructures and on a set of recommendations on how to minimize the impact of these issues.

SBOD-WG Published a draft of the case statement Working on providing a clear definition of what is big and open data for the WG.

Participate in WISE Interested in any of the the working group subjects? Subscribe to the workgroup mailinglist on the WISE website Contact the workgroup chair and let’s work together The Working groups are starting their work now

Thank you Questions?