trust community where security experts share information and work together creating collaboration among different e infrastructures Nicole Harris Alf Moens Introduction ID: 788239
Download The PPT/PDF document "WISE 2016 WISE : a global" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
WISE 2016
WISE
: a
global
trust community
where
security experts share information
and
work
together
,
creating
collaboration
among
different
e-
infrastructures
Nicole Harris / Alf Moens
Slide2Introduction
to
WISE
Why
WISE?
Participating
in WISE
WISE
working
groups
2016
Past
and
future
events
Slide3Why WISE?
Use
of
the
high-end e-
infrastructures
is
still
growing
Collaboration
is a
key
asset
of the e-
infrastructures
A
growing
number
of
users are
involved
with
multiple e-
infrastructures
Security Incident
Response
is
professionally
covered
with
intensive
collaboration
within
an
e-
Infrastructure
T
rust
amongst
infrastructures
needs
more: WISE
will
build
a trust framework
based
on
international
standards
Slide4Participants in WISE
WISE is
for
the
e-
infrastructures
,
globally
,
both
networking
and
super-
and
gridcomputing
infrastructures
.
WISE was
initiated
by
Géant SIG-ISM
and
SCI
SIG-ISM: Information Security Management
SCI
: Security
for
Collaboration
among
Infrastructures
“
Launching
” e-
infrastructures
:
Géant (European Research
and
education
networks
)
EGI (European
Grid
Infratsructure
)
EUDAT (research data services)
PRACE (High Performance Computing)
Participating
communities
NRENs
, HEP/CERN,
the
Human
B
rain Project, XSEDE, NCSA, CTSC
Slide5Working program 2016 – 5 topics
Updating
the
SCI-framework
Security Training
and
Awareness
Risk Assessment
Security Review
and
Audit
Security in Big
and
Open Data
Slide6SCIV2: the
SCI framework
The SCI
group
has
alrweady
defined
best practices, trust
and
policy
standards
for
collaboration
with
the
aim
of managing cross-
infrastructure
operational
security
risks
. Through
this
work
the
aim
has been
to
establish
a common
understanding
of
the
security
measures
each
infrastructure
has
implemented
and
to
start
work
on guidelines
for
interoperation
such
as
the
exchange of information
during
security incident handling.
It
is
clear
that
a
wider
range of stakeholders
needs
to
be
involved
,
specifically
the
NRENs
,
and
that
we
need
to
address
any
conflicts
for
new
participants
that
are present in
the
first
version
This
working
group
of WISE
will
work
towards
version
2 of
the
SCI document
Chair: Dave Kelsey (STFC)
Slide7STAA: Security Training and
Awareness
The
WISE community we
recognise
that
there
is a
broad
need
for
security
training
and
for
awaress
materials
We
also
see
there
is a lot of
material
available
This
working
grouop
will
:
Identify
5
to
10 most relevant training topics
for
the
coming
3
years
collect
good
training practices;
collect
information
about
relevant
existing
trainings
by
the
infrastructures
;
map
out
the
need
for
organising
joint training events on
specific
topics;
map
out
the
need
for
developing
trainings
;
set
up a basic training
and
awareness
programme
for
organisations
in
the
WISE community,
identifying
which
trainings
are
needed
.
Chair: Alf Moens (SURFnet)
Slide8RAW: Risk Assessment
Large e-
infrastructures
are
vulnerable
to
high-impact security
incidents
because
of
the
relatively
easy way
that
an
incident
may
spread
among
partner
organisations
due
to
the
collaborative
services
that
exist
among
them
.
So
it
is important
that
each
member
organisation
has a
trusted
level of
implemented
security procedures
.
This
working
group
has
the
objective
to
provide
e-
infrastructures
,
and
their
member
organisations
,
with
guidelines on
how
risk assessments
can
be
effectively
implemented
. As input,
experience
from
member
organisations
will
be
used
.
Chair: Jules
Wolfrat
(
SURFsara
, PRACE)
Slide9SRA: Security Review and
Audit
Information security is
known
to
be
a complex
and
constantly
evolving
,
with
several
subdomains
and
approaches. It is
often
non-
trivial
to
reliably
identify
the
current
state of information security
within
an
organisation
or
related
to
a
technology
.
A proven
method
to
obtain
objective
and
comprehensive
information
about
the
current
state of information security is
to
perform
security reviews
and
security audits.
The
main
activities
for
SRA-WG are
to
:
follow
and
contribute
to
the
development
of security audits
and
reviews
among
the
constituents
;
share
related
best practices
for
implementations
;
promote
related
research
and
disseminate
findings
of reviews;
contribute
to
the
development
of security
standards
and
frameworks
;
promote
peer reviews
.
Chair:
Urpo
Kaila
(CSC, EUDAT)
Slide10SBOD: Security in Big and
Open Data
The Security in Big
and
Open Data (SBOD)
working
group
focuses
on security issues
that
arise
when
dealing
with
big
and
open data
especially
within
the
e-
infrastructures
. Security issues in
this
context
concentrate
on
confidentiality
,
integrity
and
availability.
Confidentiality
regulates
access
to
the
information,
integrity
assures
that
the
information is
trustworthy
, i.e. has
not
been
changed
without
authorisation
,
and
availability
guarantees
access
to
the
information
by
authorised
people
at
any
time.
SBOD
intends
to
focus on high level security issues. Issues
only
specific
/
pertaining
to
CSIRTs
(computer security incident response teams) are out of
the
scope of
this
working
group
.
Chair:
Alessandra
Scicchitano
(
G
ÉANT
)
Slide11Participate in WISE
Interested
in
any
of the
the
working
group
subjects?
Contact
the
workgoup
chair
and
let’s
work
together
Subscribe
to
the
workgroup
mailinglist on
the
WISE website
www.wise-community.org
Slide121st WISE workshop in Barcelona,
oktober 2015, 49
participants
2nd workshop (
probable
) in
J
uly
2016
during
XSEDE conference in Miami