Presentation is loading. Please wait.

Presentation is loading. Please wait.

SAN DIEGO SUPERCOMPUTER CENTER Security and Grids Victor Hazlewood, CISSP Information Security Officer

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "SAN DIEGO SUPERCOMPUTER CENTER Security and Grids Victor Hazlewood, CISSP Information Security Officer"— Presentation transcript:

1 SAN DIEGO SUPERCOMPUTER CENTER Security and Grids Victor Hazlewood, CISSP Information Security Officer victor@sdsc.edu

2 SAN DIEGO SUPERCOMPUTER CENTER Overview Information Assurance What we are up against Security and Grids Example incident SDSC Security Strategy Teragrid Security Security resources to take away

3 SAN DIEGO SUPERCOMPUTER CENTER Information Assurance “Information assurance is ensuring that your information is where you want it, when you want it, in the condition that you need it, and available [only] to those that you want to have access to it” - Andrew Blyth and Gerald L. Kovacich, Information Assurance: Surviving in the Information Environment

4 SAN DIEGO SUPERCOMPUTER CENTER Information Assurance Information assurance, and more specifically data integrity assurance, requires the mitigation of the risk of loss of data from all possible sources including: natural disasters media corruption vendor software and hardware failures operational errors Unintentional/unauthorized user activity Unauthorized and/or malicious activity

5 SAN DIEGO SUPERCOMPUTER CENTER

6

7

8

9

10

11 Security and Grids Grids add another layer of risk to the security model for the security professionals… The open, collaborative nature of the research and academic environment [grids] now allow unintentional/ unauthorized user activity and unauthorized and/or malicious activity [potentially] to spread to the Grid

12 SAN DIEGO SUPERCOMPUTER CENTER Security and Grids

13 SAN DIEGO SUPERCOMPUTER CENTER Who… Us Worry? The open collaborative nature of the research and academic environment is an inviting target Let me illustrate in an example…

14 SAN DIEGO SUPERCOMPUTER CENTER Intrusion Example

15 SAN DIEGO SUPERCOMPUTER CENTER The Protection Gap*  Information system protection measures have not kept pace with rapidly advancing technologies  Information security programs have not kept pace with the aggressive deployment of information technologies within enterprises  Two-tiered approach to security (i.e., national security community vs. everyone else) has left significant parts of the critical infrastructure vulnerable  * source Ron Ross of NIST

16 SAN DIEGO SUPERCOMPUTER CENTER SDSC Security Strategy

17 SAN DIEGO SUPERCOMPUTER CENTER SDSC Security Strategy

18 SAN DIEGO SUPERCOMPUTER CENTER Teragrid Security MOU for Teragrid participation Teragrid Security Policy Teragrid Security Baseline Minimum Security Standards version 1 document written Biweekly Security WG calls Incident Response

19 SAN DIEGO SUPERCOMPUTER CENTER Teragrid Incident Response Incident Response (IR) team IR process playbook and IR flowchart secure communications setup Weekly Incident Response calls

20 SAN DIEGO SUPERCOMPUTER CENTER Teragrid Portal Projects http://www.teragrid.org/ -> Science Gateways http://www.teragrid.org/ Portals developed specifically for a community Communities requesting and using role-based accounts HPC resources back-end portal Security implications pushed to portal - authentication, auditing, etc.

21 SAN DIEGO SUPERCOMPUTER CENTER Resources  http://security.sdsc.edu/ http://security.sdsc.edu/  SDSC’s Defense-In-Depth strategy white paper  SDSC’s policies Note CIP Portal Policy/MSG  http://www.cichannel.org/ http://www.cichannel.org/  Security Training available  Lectures available

22 SAN DIEGO SUPERCOMPUTER CENTER Q&A

Download ppt "SAN DIEGO SUPERCOMPUTER CENTER Security and Grids Victor Hazlewood, CISSP Information Security Officer"

Similar presentations

1 US activities and strategy :NSF Ron Perrott. 2 TeraGrid An instrument that delivers high-end IT resources/services –a computational facility – over.

1 US activities and strategy :NSF Ron Perrott. 2 TeraGrid An instrument that delivers high-end IT resources/services –a computational facility – over.
IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….

IT Web Application Audit Principles Presented by: James Ritchie, CISA, CISSP….
Science Gateway Security Recommendations Jim Basney Von Welch This material is based upon work supported by the.

Science Gateway Security Recommendations Jim Basney Von Welch This material is based upon work supported by the.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
Beyond Business Continuity And Disaster Recovery The Paradigm Shift Mardecia Bell Ann Harris.

Beyond Business Continuity And Disaster Recovery The Paradigm Shift Mardecia Bell Ann Harris.
Security+ Guide to Network Security Fundamentals

Security+ Guide to Network Security Fundamentals
Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.

Cybersecurity Summit 2004 Andrea Norris Deputy Chief Information Officer/ Director of Division of Information Systems.
Enterprise Architecture The Arkansas Approach. Key Areas What is enterprise architecture? Why is it important? How you can participate Current status.

Enterprise Architecture The Arkansas Approach. Key Areas What is enterprise architecture? Why is it important? How you can participate Current status.
Lecture 11 Reliability and Security in IT infrastructure.

Lecture 11 Reliability and Security in IT infrastructure.
Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.

Security Overview. 2 Objectives Understand network security Understand security threat trends and their ramifications Understand the goals of network.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.

Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.

Information Assurance and Higher Education Clifton Poole National Defense University Carl Landwehr National Science Foundation Tiffany Olson Jones Symantec.
Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.

Accessibility, Integrity, & Confidentiality: Security Challenges for E-Business Rodney J. Petersen University of Maryland & Educause/Internet2 Security.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)

1 HIPAA Security Overview Centers for Medicare & Medicaid Services (CMS)
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss

K E M A, I N C. NERC Cyber Security Standards and August 14 th Blackout Implications OSI PI User Group April 20, 2004 Joe Weiss
Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.

Network Security Policy Anna Nash MBA 737. Agenda Overview Goals Components Success Factors Common Barriers Importance Questions.
Information Systems Security Computer System Life Cycle Security.

Information Systems Security Computer System Life Cycle Security.
HIPAA COMPLIANCE WITH DELL

HIPAA COMPLIANCE WITH DELL

Similar presentations

Ads by Google