E-Science Projects and Security M. Angela Sasse & Mike Surridge.

Presentation transcript:

E-Science Projects and Security M. Angela Sasse & Mike Surridge

Practical Security Workshop Nov Who are we? M. Angela Sasse, Department of Computer Science, University College London (UCL) – Mike Surridge IT Innovation, University of Southampton – Members of the Security Task Force

Why are we here?
Previous STF work with projects unveiled raft of issues
  – Awareness of security issues
  – Perception
  – Management
  – Implementation

Security not high on agenda
‘Still early stages … going from requirements to design’
‘Get it to work first, then we’ll worry about security.’
  – ‘There are no security issues: all our data are public.’
  – ‘This is just a proof of concept – no commercial implications.’

Perceptions & Attitudes
Not interested in security
Interested in security, but …
No security knowledge and skills
“what threat? Doesn’t X do that?”
“don’t know where to start”
Some security knowledge and skills, but …
“not my job / not worth it”
“impossible to get it right anyway”

Management issues
Nobody in charge of security
  – Virtual organisations: no clear lines of communication or responsibility
  – Ad-hoc decision-making
  – Urban legends
Implicit assumptions: security is taken care of by others
  – people (sysadmin, other developers, networking, computer centre, …)
  – technologies (Globus, firewalls, certificates, …)

Difficulties implementing security
Knowledge lacking or inaccurate
  – Threats
  – Countermeasures
  – Best practice
Developers and administrators feel overloaded
Conflicts with institutional regulations and mechanisms

Image problem
Projects vs. security
  – “security is used to prevent change”
  – bureaucrats, detached, “preach”, not helpful
  – projects have many questions, but don’t pursue them in a coherent manner or involve security experts
Security vs. projects
  – “users don’t care”
  – something that must be controlled

Policy Purpose
To promote best practice in security
  – in UK e-Science projects
  – in the UK e-Science Programme
To recognise and manage security risks from
  – distributed networked (grid) information systems
  – distributed, collaborative project management
  – newly discovered security problems in new grid or e-Science technology
The policy is part of the Programme’s overall security approach

Stipulations
Projects must adopt secure practices
  – commensurate with the risks they face
Projects must
  – document their security policy and practices
  – undertake a detailed threat and risk analysis
  – ensure adequate resources to address threats
  – provide staff training where appropriate
  – keep up to date with security developments
Projects may be subject to audit
  – against their own security policy…

Project Security Policies
Must be commensurate with risks faced
  – driven by a project threat and risk analysis
  – not based on any “pre-ordained” security level
May need to address
  – policy and guidance from the Programme
  – legal obligations: health and safety, personal data protection
  – ethical frameworks: oversight committees, etc
  – specific security threats
  – actions to be taken if security is breached
  – community best-practice

Responsibility
Responsibility for the programme policy
  – UK e-Science Core Programme Directorate
  – advised by STF and TAG
Responsibility for project security
  – project Principal Investigator
  – aided by their project management team
Principal Investigator must
  – identify and address security roles
  – establish operational security contact points
  – ensure project security policy is maintained

Security Risk Management
Should drive project security policy
Requires identification of threats and risks
  – to project staff and associated personnel
  – to computer systems
  – to information
  – to relationships
  – to reputation
  – to the UK Programme
  – etc
Project security policy must address threats

Practical Security Workshop
Support for project PIs and their teams
  – practical risk identification and management
  – practical advice on specific policy issues
  – disseminating best practice
Support for the UK Programme through STF
  – identifying security risks to the overall programme
  – identifying security risk management methods
  – identifying gaps in technology, processes and skills
  – disseminating best practice
The Programme must observe its policy too!

Purpose of Workshop
Help security projects to define their security needs
Share experiences, learn from each other
Introduce methods and tools (risk analysis and management)
First steps towards developing good practice
Identify training and support needs

Workshop Approach
Presentations
  – on risk identification and management
  – on project experiences
Breakout sessions
  – to identify project security risks
  – to identify appropriate security mechanisms
Results
  – greater awareness of types of risks and defences
  – understanding of best practice for projects
  – gaps and needs of the Programme

Overview Day 1 - morning
Registration and coffee
Welcome (Alan Robiette, Chair, Security Task Force for the e-Science Programme)
Workshop Introduction: e-Science projects and security (Mike Surridge, IT Innovation & Angela Sasse, UCL)
Understanding and managing risks (Jonathan Moffett, York University)
Lunch

Overview Day 1 - afternoon
myGrid security issues (Luc Moreau, Southampton University)
Breakout sessions: Identifying risks in your projects (including tea at 15.30)
Reports from workshop groups
Security lessons from the EGSO Project (Clare Gryce, UCL)
Close
Dinner

Overview Day
Coffee
Managing security in the DAME Project (Howard Chivers, York University)
Breakout sessions: Managing risks in your projects (including coffee at 11.00)
Lunch
Reports from workshop groups
Establishing secure practices (Peter Ryan, Newcastle University)
Closing remarks: Security in e-Science projects - First steps in the right direction (Mike Surridge, IT Innovation & Angela Sasse, UCL)