SAN DIEGO SUPERCOMPUTER CENTER Security and Grids Victor Hazlewood, CISSP Information Security Officer


Overview
- Information Assurance
- What we are up against
- Security and Grids
- Example incident
- SDSC Security Strategy
- TeraGrid Security
- Security resources to take away

Information Assurance
“Information assurance is ensuring that your information is where you want it, when you want it, in the condition that you need it, and available [only] to those that you want to have access to it”
- Andrew Blyth and Gerald L. Kovacich, Information Assurance: Surviving in the Information Environment

Information Assurance
Information assurance, and more specifically data integrity assurance, requires the mitigation of the risk of loss of data from all possible sources, including:
- natural disasters
- media corruption
- vendor software and hardware failures
- operational errors
- unintentional/unauthorized user activity
- unauthorized and/or malicious activity


Security and Grids
Grids add another layer of risk to the security model for the security professionals…
The open, collaborative nature of the research and academic environment [grids] now allows unintentional/unauthorized user activity and unauthorized and/or malicious activity [potentially] to spread to the Grid


Who… Us Worry?
- The open collaborative nature of the research and academic environment is an inviting target
- Let me illustrate in an example…

Intrusion Example

The Protection Gap*
- Information system protection measures have not kept pace with rapidly advancing technologies
- Information security programs have not kept pace with the aggressive deployment of information technologies within enterprises
- Two-tiered approach to security (i.e., national security community vs. everyone else) has left significant parts of the critical infrastructure vulnerable
* Source: Ron Ross of NIST

SDSC Security Strategy

TeraGrid Security
- MOU for TeraGrid participation
- TeraGrid Security Policy
- TeraGrid Security Baseline
- Minimum Security Standards version 1 document written
- Biweekly Security WG calls
- Incident Response

TeraGrid Incident Response
- Incident Response (IR) team
- IR process playbook and IR flowchart
- Secure communications setup
- Weekly Incident Response calls

TeraGrid Portal Projects -> Science Gateways
- Portals developed specifically for a community
- Communities requesting and using role-based accounts
- HPC resources back-end portal
- Security implications pushed to portal - authentication, auditing, etc.

Resources
- SDSC’s Defense-In-Depth strategy white paper
- SDSC’s policies (note CIP Portal Policy/MSG)
- Security Training available
- Lectures available

Q&A