Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Join WISE for a full day session at the NSF NSF Cybersecurity Summit Summit in Washington DC Alexandria, Virginia, USA on August 21st! 

The day will cover: • Software Assurance Assessment (Practical software analysis activity lead by Rob Quick)
• Risk Assessment Walkthrough https://wise-community.org/risk-assessment-template/ 
• SCI Assessment Walkthrough https://wise-community.org/sci/ 

  • Operational Security threat intelligence and communication (SOCs)
  • SCI working group (Policy Development Kit, Baseline AUP and EU GDPR)
  • Security challenges for high-throughput data transfers

Please join the community mail list (see below) and let  us know if you’re coming so that we can plan an evening activity. 

...

The WISE (Wise Information Security for collaborating E-infrastructuresEinfrastructures) community was born as the result of a first workshop in October 2015, which was jointly organized by the GÉANT group SIG-ISM (Special Interest Group on Information Security Management) and SCI, the ‘Security for Collaboration among Infrastructures’ group of staff from several large-scale distributed computing infrastructures. All agreed at the workshop . It was agreed then that collaboration and trust is the key to successful information security in the world of federated digital infrastructures for research. WISE is an international community with participants spanning North America, Europe, Asia and AustralasiaAustralia.

WISE provides a trusted global framework environment where security experts from general and research domain-specific Infrastructures can share information on topics such as risk management, experiences about certification processes and threat intelligence. With participants from e-Infrastructures such as EGI, EUDAT, GEANT, EOSC-hub, PRACE, XSEDE, OSG, NRENs and more, WISE focuses on standards, guidelines and practices, and promotes the protection of critical infrastructure. To date WISE has created four the main aim of WISE is to promote best practice in Information Security by developing trust frameworks, template policies and guidelines for e-Infrastructures.

The actual work of WISE is performed in focused working groups, each tackling different aspects of collaborative security and trust. The community is currently working on defining a comprehensive security training catalogue (STAA-WG), risk assessment template (RAW-WG), big data best practice guidelines (SBOD-WG) and guidance for assessing an infrastructure against the new version 2 of SCI, the framework established to ease cross-infrastructure information exchange during security incidents (SCIv2-WG)This year we have 3 new working groups which are currently starting their work, two of which will lead sessions during this training event.

Target Audience:

We invite security representatives from E-Infrastructures and Large-Scale NSF facilities to participate. This includes operational security individuals and policy makers. Some of the topics will be training sessions with hands-on exercises while others will be management/planning/brainstorming sessions, to assist the working groups in the production of new template policies and best-practice documents.

Agenda:

We propose will have a full day with the following tentative agenda, combining informational and interactive activities:

Time

Item

Description

09:00

Introduction to WISE (David Kelsey)

What is WISE all about? What are we working on? What are the various working groups?

Introduction slides

09:20

Community Projects:

  1. Internet of Things Working Group - Florence Hudson, internet2
  2. Passive Domain Name System (pDNS) Data Project - Doug Pearson, REN-ISAC

We invite members of the WISE community to present their current projects in the security domain.

Operational Security threat intelligence and communication between Security Operations Centres (SOCs), e.g. use of MISP etc. Part 1

(Romain Wartel and David Crooks)

A training session together with hands-on experience.

Introductory slides

Training VM

VM Instructions

10:30Coffee

11:00

Operational Security threat intelligence and communication between Security Operations Centres (SOCs), e.g. use of MISP etc. Part 2

(Romain Wartel, David Crooks and Adam Slagell)

A training session together with hands-on experience.

10:00

Discussion

11:00Coffee

11:15

Software Assurance, hands-on

Practical activity to run assessments on packages distributed by E-Infrastructures, and make assessments. Core software packages will be collected in advance but participants are also encouraged to bring their own samples to assess.

13:00Lunch
14:00

Risk Management, interactive

SCI working group. (Uros Stevanovic and David Kelsey)

Topics include:

  • A Policy Development Kit to help Cyber Infrastructures meet the requirements of SCI version 2 (and the Snctfi Trust Framework too)
  • A common-shared baseline AUP
  • What are the risks to CyberInfrastructures resulting from Data Privacy issues and the new EU GDPR?

A mix of training aimed at assisting CyberInfrastructures to prepare Policies to meet the requirements of SCI version 2 and brain-storming on the new proposed baseline AUP and the approach to EU GDPR

We may be able to compare the WISE/SCI/AARC2 policy kit with other such activities (Trusted CI for example) and see what we can learn from each other.

Alignment of AUPs (slides)

SCI Backup slides (not shown on day - but for info)

Draft WISE Baseline AUP v1 text

Policy Development Kit

EU GDPR in Federated AAI

GEANT Data Protection Code of Conduct v2

Data Protection Impact Assessment (DPIA) in Federated AAI

Participate in a risk assessment activity for infrastructures using the risk template defined by WISE. https://wise-community.org/risk-assessment/


16:00Coffee
16:15

SCI Self Assessment Walkthrough, interactive

30

Security challenges for high-throughput data transfers (Ralph Niederberger)

Working towards a best practices document on issues related to this topic

Security challenges for PRACE high throughput data transfersLive assessment of multiple infrastructures against version 2 of SCI, the framework for Security for Collaboration among Infrastructures https://wise-community.org/updating-the-sci-framework/

18:00Closing
19:00DinnerA table has been reserved on the patio at Crafthouse, 901 N. Glebe Road.
For those who wish, there is "Trivia" inside from 7:30
Let's aim to eat dinner together somewhere close!

Resources: