Printable Summary
The Chair of the EGI Security Policy Group (SPG) will report on the current status of security policies and plans for future work.
A report will be presented on the EGI Security Threat Risk Assessment, which was carried out during the first half of 2012. Members of the EGI Security Assessment team identified 75 threats to the EGI infrastructure and considered the risk associated with each of those threats. The method used to compute the risk and the security threats identified as having the highest risk will be presented.
This session is open to anyone and will be of particular interest to those interested in security and what the security threats are to the EGI infrastructure. It will also be of interest to those who wish to know what security policies are in place or planned and the behaviour expected in the EGI environment.
Link for further information
Wider impact of this work
Security policies are available which have been widely adopted both within European Grid projects and in the wider Grid community.
For the EGI security threat risk assessment, a comprehensive review of security in the EGI infrastructure has taken place. A number of risks have been identified whose mitigation needs to be given priority.
Description of the work
The Security Policy Group (SPG) is responsible for developing the policy needed to provide NGIs with a secure, trustworthy distributed computing infrastructure. The SPG output defines the behaviour expected from NGIs, Sites, Users and other participants to maintain a beneficial and effective working environment. At the time of writing there are 15 policy documents that have been developed by members of the SPG and approved by the EGI Executive Board.
The EGI security threat risk assessment was carried out in several stages. First, a team was established to carry out this work. Then the threats were selected, and the current situation and mitigation for each threat were established as far as effort allowed. The risk was then computed by asking everyone to give their ratings of the likelihood and impact; guidelines for likelihood and impact were given. The findings were then reported.