Security Management Geant SIG-SIM – Alf Moens

Presentation on theme: "Security Management Geant SIG-SIM – Alf Moens"— Presentation transcript:

1 Security Management Geant SIG-SIM – Alf Moens
Security management in Norway – Rolf Sture Normann Security management at DEIC – Henrik Larsen Nordunet Helsinki

2 SIG Information Security Management & WISE
Alf Moens

3 Whoami Corporate security officer SURF Board member SCIPR
Chair SIG-ISM Board member WISE Member Géant Community Committee ICT and security background with strong interest in privacy Board member Dutch Platform for security professionals Master Information Security Management (MISM, 2007) More about security management process Describe details And add PDCA, describe the components

4 GÉANT GÉANT is the leading collaboration on network and related infrastructure and services for the benefit of research and education an EC trusted partner for many years, as the coordinator of network projects co-funded by the European Union (EU). a member organisation with NRENs as members Research projects: GN4 Network architecture Network services Trust and identity Collaboration projects Several SIGs and taskforces; MSP: NREN service delivery Marcom NOC TF-CSIRT SIG-ISM TF-Storage Spin offs REFEDS WHAT IS GEANT, WHY, WHICH SIGS

5 The security landscape
Organisation, governance, roles and responsibilities, policy Incident detection, prevention and response Monitoring of infrastructure and suppliers Risk management, security measures Awareness and training Assessments, Audit Describe how these communities reinforce each other

6 Who is doing what in the security landscape?
Describe how these communities reinforce each other

7 national communities Géant SIG-ISM WISE TF-CSIRT CEO Forum SIG-ISM
NREN CERT ???? Describe how these communities reinforce each other

8 Competing or collaborating?
Organisation, governance, roles and responsibilities, policy SIG-ISM / WISE / CEO Forum Incident detection, prevention and response Monitoring of infrastructure and suppliers Risk management, security measures Awareness and training TF-CSIRT NREN-CERT national communities Assessments, Audit Describe how these communities reinforce each other

9 WISE – security for e-infrastructures
WISE is for the e-infrastructures, globally, both networking and super- and grid computing infrastructures. WISE was initiated by Géant SIG-ISM and SCI. SIG-ISM: Information Security Management SCI: Security for Collaboration among Infrastructures “Launching” e-infrastructures: Géant (European research and education networks) EGI (European Grid Infrastructure) EUDAT (research data services) PRACE (high performance computing) Participating communities NRENs, HEP/CERN, the Human Brain Project, XSEDE, NCSA, CTSC, LIGO and others Kick off meeting at BSC, Barcelona, October 2015, 49 participants Workshops at XSEDE and DI4R in 2016

10 WISE working program 2016 Updating the SCI-framework: an operational security framework with guidance for incident response, changes, user management Security Training and Awareness: what training do you need, what is available Risk Assessment: Looking at the major risks on information security for an e-infrastructure Security Review and Audit: Can we set up a program of peer reviewing? What should you audit and when? Security in Big and Open Data: Identifying the security needs for big and open data

11 SIG ISM Géant SIG ISM Aimed at security officers Getting in control
Information Security Management Incident management seen as part of security management Purpose - Trust, on what basis? - To certify or not to certify? Whitepapers information security management Risk management 2016: Expand the community Establish a Risk Register How to implement security management Annually

12 Artwork: Rolf Sture Normann

13 SIG ISM is looking at NREN needs
Strong CERTs/CSIRTs Trust Some are ISO certified or are working on it: Because they are a tld registry Because they deliver services to government Internal motivation: goals for quality management With SIG-ISM we are joining forces on the subject of trust

14 Whitepaper on Security Management
High level paper on how to organise information security in your organisation Role and responsibilities Selecting standards Full paper at:

15 Whitepaper on Risk Management
High level paper on setting up and maintaining a risk management process for an NREN. Paper in draft, publicly available in September 2016 About organisation and methods for establishing a risk register aimed at controlling risk and taking the right measures.

16 Designing the Risk Matrix
SIG ISM worked on 3 subjects of the Risk Matrix in its February workshop in Copenhagen Risks concerning hosted services Risks concerning People Risks concerning federated identity management systems First steps to a comprehensive risk matrix for an NREN Cooperate with WISE WG-SRA

17 Outcome Copenhagen Workshop (work in progress)
Hosted Services: infrastructure complexity insecure software or infrastructures supplier incident detection trust/over-delegation
People: Economical loss/reputation Sickness Leaving staff Segregation of duties Policies Screening (lack of)
Federations: Declining (implicit) trust in growing federations; Federation operator procedures and responsibilities; Users cannot log in; Cannot identify abuser/intruder; Leak/abuse of personal information SP Data/Attribute profiles appropriate; Protocol implementation vulnerabilities

18 Results of the September 2016 Trondheim Workshop
Write up success stories: What works, what doesn’t work Business case for security management: when is security a success? Share information and documentation Expand the risk register Tooling for security and risk management, and for secure sharing of information Set up a directory of key people with a short description (2-pager) of what they are doing and how Set up a FAQ Survey on ISM Trondheim

19 Competing or collaborating?
Organisation, governance, roles and responsibilities, policy SIG-ISM / WISE / CEO Forum Incident detection, prevention and response Monitoring of infrastructure and suppliers Risk management, security measures Awareness and training TF-CSIRT NREN-CERT national communities Assessments, Audit Describe how these communities reinforce each other

20 Always be prepared For your next incident

21 From incident handling to security management
Key Largo

22 Alf Moens Photos: Alf Moens

