Versions Compared

Old Version 24

changes.mady.by.user Romain Wartel

Saved on

compared with

New Version 25

changes.mady.by.user Davide Vaghetti

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • the eduGAIN-CSIRT Security Officer, that will be nominated by the GEANT project.
  • At the time of the establishment of the eduGAIN-CSIRT the eduGAIN Participants will be invited to propose members of the eduGAIN-CSIRT. The proposed members must be senior security professionals from research and education IT infrastructures. The proposals will be reviewed for acceptance by the eduGAIN Security Officers.
  • An eduGAIN Participant can always propose a new member of the eduGAIN-CSIRT. The proposal will be reviewed for acceptance by the eduGAIN Security Officers according to the actual needs of the eduGAIN-CSIRT.
  • Each member of the eduGAIN-CSIRT will be funded by the respective organization either through the GEANT project, or direct funding.

Invited members: GEANT CERT Security Officer. Others?

Chair

The Chair of eduGAIN-CSIRT is the Security Officer.

...

  • Managing team membership;
  • Reporting to the the eSG as appropriate;
  • Ensuring all discussion items end with a decision, action or definite outcome.
  • Acting as general point of contact for eduGAIN-CSIRT.
  • Ensuring team activity and output is documented, approved when needed, and distributed to the appropriate audience;
  • Ensuring that the eduGAIN-CSIRT meets the various demands placed on it (← By whom?) to to produce and maintain security policies, security procedure and best practice. This will include negotiation with eSG, members of the eduGAIN-CSIRT, and other stakeholders to agree on priorities and timelines, in a manner commensurate with the effort available to the eduGAIN-CSIRT.

Suggest deleting that:

  • Scheduling and running eduGAIN-CSIRT meetings and ensuring that minutes are taken and published.

  • Ensuring all discussion items end with a decision, action or definite outcome.
  • Inviting specialists to attend meetings when required according to the eduGAIN-CSIRT agenda.
  • Acting as general point of contact for eduGAIN-CSIRT.

  • Ensuring that documents produced are presented for approval and adoption and that once approved these are published and made available.

  • Ensuring that eduGAIN-CSIRT meets the various demands placed on it to produce and maintain policy, procedure and best practice. This will include negotiation with eSG, members of the CSIRT, and other stakeholders to agree priorities and timelines commensurate with the effort available to the Group.

  • Reporting to the the eSG as appropriateEnsuring that the eduGAIN-CSIRT provides the services and the service level described in 3.2 and 3.3.

The duties and responsibilities of the members include:

  • Participating to the  eduGAIN-CSIRT meetings. (← I would suggest deleting and keeping "duties and responsibilities" at a much higher level here and for the chair)
  • Following the eduGAIN CSIRT internal procedures.
  • Actively contributing to the to the mission of the eduGAIN-CSIRT;.
  • Providing expertise and guidance to the best of their knowledge.
  • Abiding to the Trusted Introducer Code of Conduct (https://www.trusted-introducer.org/TI-CCoP.pdf).
  • Respecting TLP restrictions (https://www.first.org/tlp) and appropriate confidentiality requirements;.
  • Providing the services and the service level described in 3.2 and 3.3.Respecting the privacy of any party involved in security incidents and as part of daily security operations;

Term of Office

The Term of Office is unlimited.

...