Presentation is loading. Please wait.

Presentation is loading. Please wait.

Prevention is better than Cure

Published byΤισιφόνη Αλεξάκης Modified over 6 years ago

Similar presentations

Presentation on theme: "Prevention is better than Cure"— Presentation transcript:

1 Prevention is better than Cure
Linda Cornwall DI4R lightning talk – 30th September 2016

2 Preventing What? Preventing Security incidents
In EGI the majority of the work done by the security teams goes into preventing incidents We can’t prevent all security incidents Incidents can occur due to exploitation of Software Vulnerabilities EGI Software Vulnerability Group purpose is “To minimize the risk to the EGI infrastructure arising from software vulnerabilities“ Linda Cornwall – Preventing Security Incidents – DI4R 30th September 2016

3 Largest activity is to handle vulnerabilities reported
Anyone may report an issue by to Vulnerabilities are handled according to the SVG issue handling procedure This includes investigating the issue, it’s relevance and affect in EGI If relevant to EGI the risk in the EGI environment is assessed, and put in 1 of 4 categories – ‘Critical’, ‘High’, ‘Moderate’ or ‘Low’ If it has not been fixed, Target Date (TD) for resolution is set - ‘High’ 6 weeks, ‘Moderate’ 4 months, ‘Low’ 1 year Advisory issued, if the risk is ‘Critical’ or ‘High’ or other good reason Linda Cornwall – Preventing Security Incidents – DI4R 30th September 2016

4 Some Numbers Year Number of Vulnerabilities Number of Advisories
CRITICAL HIGH 2011 34 14 3 6 2012 22 17 2 4 2013 38 15 2014 36 26 11 2015 46 8 2016 (to Sept) 31 20 5 Linda Cornwall – Preventing Security Incidents – DI4R 30th September 2016

5 Reaching out EGI Software Vulnerability Group activities are currently very EGI focussed + Worldwide Large Hadron Collider Grid (WLCG) Looking at how to collaborate/share information with other infrastructures Risk in distributed Infrastructures often different from other software deployment Linda Cornwall – Preventing Security Incidents – DI4R 30th September 2016

6 Summary We aim to prevent security incidents
We handle software vulnerabilities We want to work with others We have a wiki Prevention is better than cure! Thank you for your attention Linda Cornwall – Preventing Security Incidents – DI4R 30th September 2016

Download ppt "Prevention is better than Cure"

Similar presentations

EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Grid Security Vulnerabilities Dr Linda Cornwall,

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Grid Security Vulnerabilities Dr Linda Cornwall,
Conducting Patient Safety Rounds with Staff. First Steps Set the stage –Unit and Hospital Leadership Support –Identify a “champion(s)” for each unit where.

Conducting Patient Safety Rounds with Staff. First Steps Set the stage –Unit and Hospital Leadership Support –Identify a “champion(s)” for each unit where.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 05/15/2013.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 05/15/2013.
Remedy, a BMC Software company Change Management Maximize Speed and Minimize Risk in the Change Process.

Remedy, a BMC Software company Change Management Maximize Speed and Minimize Risk in the Change Process.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 The EGI Software Vulnerability Group and EMI Dr Linda Cornwall, STFC, Rutherford.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI The EGI Software Vulnerability Group and EMI Dr Linda Cornwall, STFC, Rutherford.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
EGI-InSPIRE The EGI Software Vulnerability Group (SVG) What is a Software Vulnerability?SVG membership and interaction with other groups Most people are.

EGI-InSPIRE The EGI Software Vulnerability Group (SVG) What is a Software Vulnerability?SVG membership and interaction with other groups Most people are.
COMP 208/214/215/216 Lecture 2 Teams and Meetings.

COMP 208/214/215/216 Lecture 2 Teams and Meetings.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks From ROCs to NGIs The pole1 and pole 2 people.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks From ROCs to NGIs The pole1 and pole 2 people.
OSG Area Coordinators Meeting Security Team Report Kevin Hill 08/14/2013.

OSG Area Coordinators Meeting Security Team Report Kevin Hill 08/14/2013.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 Future support of EGI services Tiziana Ferrari/EGI.eu Future support of EGI.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Future support of EGI services Tiziana Ferrari/EGI.eu Future support of EGI.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 12/21/2011.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 12/21/2011.
The Grid Services Security Vulnerability and Risk Assessment Activity in EGEE-II Enabling Grids for E-sciencE EGEE-II INFSO-RI-031688

The Grid Services Security Vulnerability and Risk Assessment Activity in EGEE-II Enabling Grids for E-sciencE EGEE-II INFSO-RI
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Handling Grid Security Vulnerabilities in.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Handling Grid Security Vulnerabilities in.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks The Grid Security Vulnerability Group Dr.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks The Grid Security Vulnerability Group Dr.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Grid Security Vulnerability Handling and.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Grid Security Vulnerability Handling and.
Deployment Issues David Kelsey GridPP13, Durham 5 Jul 2005

Deployment Issues David Kelsey GridPP13, Durham 5 Jul 2005

Similar presentations

Ads by Google