Minutes of EGI CSIRT group coordinators meeting

Attendees
=========
Leif, NDGF
Mingchao, UK NGI
Wilhelm, Germany NGI

Apologies
=========
Daniel, Czech NGI
Sven, Dutch NGI

Agenda available: https://www.egi.eu/indico/conferenceDisplay.py?confId=44

Project update
- The EGI-InSPIRE project started on 1st May 2010, confirmed by Steven Newhouse, although contracts between EGI and the NGIs are yet to be signed.
- EGI milestone MS405: Operational Security Procedures Report is due on 31st July. Leif is working on a revised EGI security incident handling procedure; the first draft will be made available to the EGI CSIRT team for comment by 30th May.
- There will be an EGI SA1 kick-off meeting on 3rd and 4th June 2010 in Amsterdam.
- There will be an EGI task leader meeting on 10th June 2010, again in Amsterdam.
- The first EGI technical forum conference will take place on 13th-17th September 2010 in Amsterdam.

Group activities update and forward planning
- IRTF (Leif)
  Leif is revising the EGEE incident handling procedure to bring it in line with the EGI CSIRT security operation model. The first draft will be available by 30th May for comment until 12th June; comments will be incorporated into a second/final draft, to be made available by the end of June 2010. A procedure on vulnerability assessment is also considered a necessity. In due course, IRTF might also consider hooking a ticket system to the csirt mailing list.

  Before the meeting, Mingchao had a few chats with Linda (Chair of the Security Vulnerability Group) regarding software vulnerability assessment. The boundary between SVG and EGI CSIRT has been clarified. SVG is primarily responsible for grid middleware and its dependencies (packages that are shipped together with grid middleware). EGI CSIRT is primarily responsible for operating systems and common components found in the OS. However, both have agreed to work closely, on a case-by-case basis, on software/packages which do not fall into either category.
  Exact details of the interaction between the two teams are yet to be discussed and agreed.

- Security monitoring group
  Daniel could not make it to the meeting.

- Security drill group
  Sven could not make it to the meeting.

- Security training and dissemination group (Wilhelm)
  Wilhelm has started the migration of both the OSCT public webpage and the private webpage; the migration is a work in progress. However, some content on the pages is out of date and needs to be updated. Wilhelm raised a copyright concern: the OSCT public webpage has a copyright statement on each page. Mingchao will follow it up with CERN.

  EGI CSIRT private wiki: https://wiki.egi.eu/csirt/
  EGI CSIRT public wiki: https://wiki.egi.eu/wiki/EGI_CSIRT:Main_Page

  The private wiki can only be read by EGI CSIRT team members; the public wiki can only be modified by EGI CSIRT team members.

  Wilhelm will also start planning the security training session at the EGI technical conference.

- Issues raised or foreseen during the transition period
  The new mailing lists and wikis seem to work fine and to satisfy our requirements. However, it was noticed that EGI CSIRT might need a place in the document DB provided by CESNET, as we are going to produce the first EGI CSIRT operational procedure. Mingchao will contact it-support to get it set up.

  A general-purpose ticket tracking system was seen as not necessary; instead, a wiki page will be used to record open and closed actions generated from the various team meetings.

- EGI technical forum conference planning
  The conference will be in Amsterdam from 13 to 17 September 2010.
  There will be an EGI CSIRT face-to-face meeting.
  There is a proposal to have a security training session or a joint security training session (with the middleware security group); Wilhelm is working on it.
  There is also a suggestion to have a security "all hands" session.
  It has been suggested to group the various security sessions into one or two days so that some participants do not need to stay for the whole week.
  Mingchao will pass the suggestion to the conference PC.

- AOB
  The EGI CSIRT team needs to have a group calendar. Google Calendar seems to be one option; the EGI project also uses Google Calendar at the moment. Mingchao will ask team members to comment.

  After some discussion, it was agreed that a monthly team meeting should replace the proposed group coordinators' meeting. The meeting should not take too long; however, at the beginning of the project, the meeting might take 1 or 1.5 hours. EVO can be used to hold the meeting. Other options can also be considered as long as they are accessible to team members, cheap, and support a phone bridge function and a web interface. Mingchao will ask team members for comment.

===========
List of Actions: https://wiki.egi.eu/csirt/index.php/Pending_actions