Develop the security challenge framework
Page 39 of 64Experience from EGI-InSPIRE has shown that performing security service challenges on the operational infrastructure
is useful confirm that there is sufficient audit information for traceability of any incident, that procedures and tools are
sufficient and that participants are trained and aware of the need to participate in incident response. The framework for
these security challenges will be modified and extended to meet the evolving scenarios.
Develop the software vulnerability handling process to adapt to new technology and deployments
Software vulnerability issues in the EGI core infrastructure have been handled through a close relationship with
the technology providers, many of whom supply members of the Software Vulnerability Group (SVG). The general
principles will remain, including the assessment of risks and the issuing of advisories. In the evolving scenarios of EGI-
Engage there are, however, likely to be different types of relationship with the technology providers, especially when
this does not involve membership of SVG. The procedures and methods for handling vulnerabilities in EGI-Engage
will evolve accordingly.
FedCloud SSC
presentation Status 15 min.
discussion
expected outcome:
next steps
wps (who does what)
timeline
Communication channel SSCs (who coordinates this?)
NGI RT-IR: We should use bulk ticket creation for that
Presentation: Status tools / how we did this in the past / summary earlier results
Site-Security Telephone numbers check Per NGI
Preparation: compile checklist / like where do we end up, does the person picking up the phone know what we are talking about
expected outcome:
status report of the quality our communication channels (mail/phone)
present at OMB?