1 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISS e G EU-FP6 Project 026745 Overview.

Slides:



Advertisements
Similar presentations
HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Advertisements

Researchers nights Information Day Colette RENIER Research Executive Agency FP7-PEOPLE-2010-NIGHT INFORMATION DAY Brussels, 12 November.
ICAO Seminar on Aeronautical spectrum management (Cairo, 7 – 17 June 2006) SAFIRE Spectrum and Frequency Information Resource (presented by Eurocontrol)
1 st Review Meeting, Brussels 5/12/12 – Technical progress (P. Paganelli, Bluegreen) iCargo 1st Review Meeting Brussels 5/12/12 Technical.
Dr. Julian Lo Consulting Director ITIL v3 Expert
Security Controls – What Works
CENTRAL EUROPE PROGRAMME SUCCESS FACTORS FOR PROJECT DEVELOPMENT: focus on activities and partnership JTS CENTRAL EUROPE PROGRAMME.
Computer Security: Principles and Practice
EC Review – 01/03/2002 – G. Zaquine – Quality Assurance – WP12 – CS-SI – n° 1 DataGrid Quality Assurance Gabriel Zaquine Quality Engineer - WP12 – CS-SI.
EVALUATION AND QUALITY ASSURANCE STRATEGY PRESENTED BY DR SHYAM PATIAR.
Oversight CHAPTER SIXTEEN Student Version Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
LCG Milestones for Deployment, Fabric, & Grid Technology Ian Bird LCG Deployment Area Manager PEB 3-Dec-2002.
1 Framework Programme 7 Guide for Applicants
SESAR Single European Sky Air traffic management Research
The Preparatory Phase Proposal a first draft to be discussed.
S L H C – P P Management Tools Kick-off Meeting April 8 th, 2008 Mar CAPEANS CERN This project has received funding from the European.
SLHC-PP Admin News Admin guide Time sheets Effort Web Pages 1 st Deliverable Report SLHC-PP Steering Committee Meeting CERN, July 3 rd, 2008.
Security Policy Evaluation Using Balanced Scorecards Mohamad El Osta MBA 737 April 29, 2008.
Chapter 6 of the Executive Guide manual Technology.
Reporting Guidelines (FP5) Karen Fabbri Scientific Officer Natural & Technological Hazards DG Research European Commission Brussels
Certification and Accreditation CS Phase-1: Definition Atif Sultanuddin Raja Chawat Raja Chawat.
Technology Strategy Board Driving Innovation Participation in Framework Programme 7 Octavio Pernas, UK NCP for Health (Industry) 11 th April 2012.
EPOCA – 11. June EPOCAConsortiumOrganisation.
“Thematic Priority 3” Draft Evaluation of IP + NoE.
SA1/SA2 meeting 28 November The status of EGEE project and next steps Bob Jones EGEE Technical Director EGEE is proposed as.
JRA Execution Plan 13 January JRA1 Execution Plan Frédéric Hemmer EGEE Middleware Manager EGEE is proposed as a project funded by the European.
The Impact of Evolving IT Security Concerns On Cornell Information Technology Policy.
Demonstrators and Pan-European Services Laboratory WP5 session.
IDARI Workshop, Tartu, June 2005 NUI Galway Work Package 4 Administration Lorna Ryan The IDARI project is financed under the FP5 Quality of Life and Management.
EGEE MiddlewareLCG Internal review18 November EGEE Middleware Activities Overview Frédéric Hemmer EGEE Middleware Manager EGEE is proposed as.
S 1 Annual Meeting 2013 Management and reporting (WP6) Chiara Bearzotti NACLIM project manager.
Status Organization Overview of Program of Work Education, Training It’s the People who make it happen & make it Work.
Security Environment Assessment. Outline  Overview  Key Sources and Participants  General Findings  Policy / Procedures  Host Systems  Network Components.
Gabriela Macoveiu North-East RDA, Romania PP11 – WP responsible Cluster Policy Learning Platform WP3 Description Smarter Cluster Policies for South-East.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project ISS e G Integrated Site Security for.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project ISS e G Integrated Site Security for.
Negotiation of Proposals Dr. Evangelos Ouzounis Directorate C DG Information Society European Commission.
INFSO-RI Enabling Grids for E-sciencE Plans for the EGEE-2 EGEE 2 Task Force 3rd EGEE Conference, Athens, April 2005.
© Services GmbH Proposal writing: Part B 2/1/ St. Petersburg, May 18, 2011 Dr. Andrey Girenko
Information Security Measures Confidentiality IntegrityAccessibility Information cannot be available or disclosed to unauthorized persons, entities or.
EGEE is a project funded by the European Union under contract IST Roles & Responsibilities Ian Bird SA1 Manager Cork Meeting, April 2004.
EGEE Project Review Fabrizio Gagliardi EDG-7 30 September 2003 EGEE is proposed as a project funded by the European Union under contract IST
WP8– Governance Models Bernd Schirpke / Jurry de la Mar T-Systems - 03 July 2013 Bernd Schirpke - T-Systems 03/07/20131.
1 I ntegrated S ite S ecurity for G rids WP2 – Site Assessment Methodology, 20 June 2007 WP2 - Methodology ISS e G Integrated Site Security.
1 François Fluckiger ISS e G I ntegrated S ite S ecurity for G rids EGEE04-Pisa-25 October 2005 ISS e G Integrated Site Security for Grids EU-FP6 Project.
WP5 – Flagship Deployment Period 1 Review Phil Evans – Logica/CGI 1.
1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.
URBACT IMPLEMENTATION NETWORKS. URBACT in a nutshell  European Territorial Cooperation programme (ETC) co- financed by ERDF  All 28 Member States as.
1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project ISS e G Integrated Site Security for.
Consumers, Health, Agriculture and Food Executive Agency 3rd Health Programme The Electronic Submission System (JA 2015) Georgios MARGETIDIS.
© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.
FISCO2 – Financial and Scientific Coordination Work Package dedicated to ENSAR2 management WP leader: Ketel Turzó WP deputy: Sandrine Dubromel ENSAR2 Management.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
André Hoddevik, Project Director Enlargement of the PEPPOL-consortium 2009.
15-Jun-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) CERN 15 June 2004 David Kelsey CCLRC/RAL, UK
Bob Jones EGEE Technical Director
ISSeG Integrated Site Security for Grids WP2 - Methodology
UNISEC Universal Influenza Vaccines Secured
DataGrid Quality Assurance
Ian Bird GDB Meeting CERN 9 September 2003
Integrated Site Security for Grids
BioMedBridges – Work Packages 2 & 12
Information session SCIENTIFIC NEGOTIATIONS Call FP7-ENV-2013-two-stage "Environment (including climate change)" Brussels 22/05/2013 José M. Jiménez.
Information session SCIENTIFIC & TECHNICAL NEGOTIATIONS Call FP7-ENV-2013-WATER-INNO-DEMO "Environment (including climate change)" Brussels 24/06/2013.
ITDG meeting of of October 2011
Neopay Practical Guides #2 PSD2 (Should I be worried?)
Presentation transcript:

1 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISS e G EU-FP6 Project Overview François Fluckiger CERN

2 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISSeG Facts and Figures  Four Partners  CERN (coordinator)  CCLRC, UK  FZK, Germany  CS-SI, France  Start: 01/02/06  Two years project  Budget: 1086 K€ years

3 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Financial Summary: EC Contribution Partners EC Contribution Total Activity (Direct + indirect cost) Management (subcontracted audit) CERN CSSI (audit) FZK (audit) CLRC Karin Burghauser, Severine Bergerot

4 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Integrated Site Security for Grids  Overall aim  “Contribute to the consolidation of the European Grid infrastructure in the field of computer security”  Focus  Site Security to complement Grid security

5 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Origin of ISSeG  Summer 2004  Initiative from W. von Rüden for an openlab project on Site Security  Fall 2004  Discussion with industrial partners  March 2005  Proposal submitted EU-FP6 (“Specific Support Action” Instrument)

6 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Integrated Site Security for Grids  Overall aim  “Contribute to the consolidation of the European Grid infrastructure in the field of computer security”  Focus  Site Security to complement Grid security  Project Objective: a.Create expertise b.Disseminate expertise  Key concept  Integration of all security components

7 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Site vs Grid Security  Grid Security  Authentication / Authorization in VOs  Traveling Data integrity  Specific security incident  Site Security  Technical Security  Policy, Regulation, Administration  Training and sensitization

8 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Site vs Grid Security GRID Infrastructure Site A R Site 8 H H Site C H R R GRID Security Site Security H H HH HH

9 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Integration: The Three Dimensions Technical Infrastructure Network En-user systems Servers Mission-critical systems Policy Regulation Administration Policy formation \ enforcement User registration Rules and Regulations Training Sensitization End-users System managers Application developers

10 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Integrated Approach  “Actions or decisions affecting one security component should be checked against other components likely to be affected, which in turn may have to be adapted”  “Good synchronization necessary between changes affecting transversally multiple components”  Examples of poor synchronization include:  New anti-spam or virus detection measures translated with delay into end-user information / training material  New security policy published whilst technical components necessary to their enforcement are not yet fully operational Technical Infrastructure Network En-user systems Servers Mission-critical systems Policy Regulation Administration Policy formation User registration Rules/Regulations Training Sensitization End-users System managers App. developers

11 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISSeG Guiding principles The four ISSeG buzz words Site ISSeG is not about GRID security Integration The concept we sold The genuine scientific dimension Practical Recommendations not-theoretical, based on practical deployments Multi-disciplinary Not only HEP

12 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 A two stage process 1Creation of raw expertise via  Two-site real deployment  Auditing  WP1  WP2 About “Deployment at CERN and FZK”  In practice, improving site security:  A continuing process  Pre-dated ISSeG  “Deployment” in more period during which actions are focussed

13 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 A two stage process 1Creation of raw expertise via  Two-site real deployment  Auditing  WP1  WP2 2Translation into  Applicable recommendations  Training  WP3  WP4

14 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISSeG Methodology  Expertise Creation  ISS deployment at CERN  ISS adaptation and export at FZK  Comparative auditing  Expertise Dissemination  Recommendations for ISS generalization  Training and disseminations actions M1- 3 M4- 6 M7- 9 M M M M M Deployment at CERN Deployment at FZK Recommendations for Generalization Training and Dissemination Comparative Auditing

15 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 WP Lead Contractors ActivityWPWork package titleLeadStartEnd SupportWP1Deployment of Integrated Site Security at CERN and FZK CERNM00M21 WP2Comparative auditing and analysis of site security CSSIM00M22 WP3Recommendations for Integrated Site Security generalization FZKM09M24 WP4Training and Expertise Dissemination CCLRCM06M24 Manage ment WP5Project ManagementCERNM00M24

16 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Involvement of partners in WPs  All partners involved in all Activity WPs CERNCSSIFZKCCLRCTotal Activities WP1 / Deployment WP2 / Comparative Auditing WP3 / Recommendations WP4 / Training and Dissemination Total 'specific activities'  Effort in person.months, EU-funded and unfunded

17 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 WP1.1: Deployment at CERN T1.1.1 Articulation of the CERN ISS strategy  CERN ISS strategy document (February 2006) T1.1.2 Production of the implementation plan  CERN ISS implementation plan document (March 2006)  Public version (April 2006) T1.1.3 Deployment and documentation of expertise 1  Intermediate deployment report (October 2006)  Public version (November 2006) T1.1.4 Deployment and documentation of expertise 2  Final deployment report (June 2007)  Public version (July 2007)

18 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 CERN Security Strategy Defined by 5 Strategic directions: S1Centralise management of resources S2Integrate management of resources via databases S3 Enhance network connectivity management S4Integrate and evolve security mechanisms and tools S5 Integrate Security Training, Best Practices and Administrative Procedures

19 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Admin Mngr Tech. Mngr Partner 1 Project Board Admin Mngr Tech. Mngr Partner 2 Tech. Mngr Admin Mngr Partner 3 Tech. Mngr Admin Mngr Partner 4 Technical Board Management Structure Project Technical Coordinator Project Coordinator Project Office

20 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISSeG Project Board members Partner representatives Administrative ManagerTechnical Manager CERNFrederic HemmerLionel Cons CS SIJean-François Mussotbc FZKUrsula EptingBruno Hoeft / Ursula Epting CCLRCDavid Jackson Project representatives Project CoordinatorProject Technical Coordinator CERNFrancois FluckigerDenise Heagerty  Initial appointments

21 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Project Board Technical Board Management Structure Project Technical Coordinator Project Coordinator Project Office Confidentiality Review Board Liaison Officers EGEE LCG Other

22 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Restricted and Public Deliverables  Most deliverables will have two versions  Restricted:  For EU and their designated reviewers  Public:  Delivered one month after the restricted version (usually, a stripped-down version)  No public deliverable will be released without the agreement of the Confidentiality Board

M01M02M03M04M05M06M07M08M09M10M11M12M13M14M15M16M17M18M19M20M21M22M23 D1.1.1D1.1.2 rD1.1.4 p WP1.1 D1.1.3 r D1.2.4 pD1.2.1D1.2.2 r WP1.2 D1.2.3 r WP2 D2.1D2.2 rD2.3D2.4 p M24 D3.1 D3.2 rD3.4r WP3 WP4 D4.1D4.2 WP5 D5.1D5.3D5.6 /5.7 D1.1.2 pD1.1.3 pD1.1.4 r D1.2.4r D5.2D5.4 D2.4 r D1.2.3 pD1.2.2 p D3.2 pD3.3 pD3.4 pD3.3 r D5.5 r,p D1.1.2 r Restricted deliverable D4.6D4.7 D4.5 D4.4 D4.3 D2.2.1 D4.5.1

M01M02M03M04M05M06M07M08M09M10M11M12M13M14M15M16M17M18M19M20M21M22M23 D1.1.1D1.1.2 rD1.1.4 p WP1.1 D1.1.3 r D1.2.4 pD1.2.1D1.2.2 r WP1.2 D1.2.3 r WP2 D2.1D2.2 rD2.3D2.4 p M24 D3.1 D3.2 rD3.4r WP3 WP4 D4.1D4.2 WP5 D5.1D5.3D5.6 /5.7 D1.1.2 pD1.1.3 pD1.1.4 r D1.2.4r D5.2D5.4 D2.4 r D1.2.3 pD1.2.2 p D3.2 pD3.3 pD3.4 pD3.3 r D5.5 r,p D1.1.2 r Restricted deliverable D4.6D4.7 D4.5D4.5.1 D4.4 D4.3 D2.2.1 D4.5.1

25 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Procedure for deliverables Confidential documents Work Packages Management Communication Public Documents World CreateReleaseReview Restricted version EU CreateRelease Review Change Public version EU

26 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Synergies with other EU projects BioInfoG. ISSeG ETICS 6DISS BELIEF BalticGrid IceAge

27 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Criteria for success We will be judged on our capability to  Demonstrate we do not duplicate EGEE’s Job  Address also non-HEP disciplines  Produce quality deliverables and dissemination material with real substance

28 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Criteria for progress Description of qualitative and quantitative criteria and achievements to assess the progress of the project and measure its success DateDeliverable Generalization of Central Management of on-site computers Generalize mechanisms for centrally managing on-site computersM06D1.1.3r D5.1 Increase the number of centrally managed computers at CERN beyond 5000 M06D1.1.3r D5.1 Increase the number of centrally managed computers at FZK beyond 2000 M08D1.2.3r D5.1 Automatic and customized configuration of on-site systems Put in place a pilot version of the system for centralized management of computers supporting customized configuration M06D1.1.3r D5.1 Test the pilot service over more than 50 computers at CERNM06D1.1.3r D5.1 Integration of computer account management facilities Put in place a system for synchronization and integration between computer accounts and personnel administrative data. M06D1.1.3r D5.1 As a measure of the usefulness and success of the system, detect at least 100 accounts to be closed due to policy violations at CERN M06D1.1.3r D5.1 As a measure of the usefulness and success of the system, detect at least 50 accounts to be closed due to policy violations at FZK M08D1.2.3r D5.1

29 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Criteria for progress Intrusion Detection Put in place a test Intrusion Detection System (IDS) by correlating host-based and network-based recorded data. M12D1.1.4p D5.2 Have deployed the test system on at least 6 host computers and 2 network devices at CERN. M12D1.1.4p D5.2 Protection of mission-critical systems Set up a Gateway system to access mission-critical devices (such a control systems). M06D1.1.3r D5.1 Provide access to mission-critical devices via a Gateway system to at least 50 users at CERN. M06D1.1.3r D5.1 Improvement of authentication mechanisms Evaluate comparatively alternatives for improving user authentication. M12D1.1.4p D1.2.4p D5.2 Having evaluated at least 3 differing technologies.M12D1.1.4p D1.2.4p D5.2 Improvement of user knowledge and awareness of computer security Create a quiz for evaluating and measuring the average knowledge of users on security principles, best practices, rules and policies. M03D5.1 Run the quiz at the beginning of the project at FZK, CCLRC and CERN and derive metrics on user awareness and knowledge of computer security. M03D5.1 Run the quiz at the end of the project at FZK, CCLRC and CERN. Analyze the results and compare them to those of the first evaluation. M22D5.5p

30 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Criteria for progress Dissemination via web site Release the first version of the education and dissemination web-site M12D4.2 Measure the achieved hit rate of the site after 3 months. Having attained at least 1000 hit after 3 months M15D5.3 Having attained at least 100 access of educational material after 3 months M15D5.3 Comparative auditing of security mechanisms Release first version of comparative auditing report M06D2.2r Having identified and documented at least 20 security items significant for comparing auditing results. M06D2.2r D5.1 Recommendations for ISS generalization Release intermediate report on ISS generalization M15D3.1 Having drafted at least 5 recommendations in the intermediate report. M15D3.1 D5.5p Dissemination beyond the audience of the project partners Having been invited by organizations or projects external to the consortium to give at least 10 public presentations on ISS M24D5.5p

31 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Risk Analysis  The most difficult aspects As perceived by the Project Coordinator  Involve scientific disciplines in requirements and dissemination (whom, how?)  Write clear, convincing, practical, useful recommendations  Meet our educational objectives (quantitative)

32 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Beyond ISS e G  ISSeG is a two-year project  Too short to achieve wide-scale ISS generalization  Sufficient to create the conditions for it  methods  recommendations  training all validated by the two deployments  ISS generalization … … may be the subject of a second phase

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.