EGI/EOSC/UK Security Teams F2F - Abingdon, UK

Europe/London
Abingdon, UK
Sven Gabriel (NIKHEF)
Description

For logistics and further meeting details, check the meeting wiki page.

 

Agenda draft NOT FINAL

Registration
Participants of EGI/EOSC Security meetings
Participants
  • Baptiste Grenier
  • David Kelsey
  • Emanuele Simili
  • Linda Cornwall
  • Matt Doidge
  • Nuno Dias
  • Sven Gabriel
  • +8
    • Tuesday session 1: Status Update
      • 1
        F2F Presentation and EGI updates
        • News or events on EGI since the last F2F.
        • EGI Council approved the service provisioning proposal
        • New OLA for Security Coordination (Apr 2024 - Dec 2026) -> https://docs.google.com/document/d/1sjMGnaSA9itSb1K01Er0Mmh7wPvZNaDBZtYBiwl2C5Y/edit
        • EGI Core Services Perfomance report January 2024 - June 2024 -> https://documents.egi.eu/public/ShowDocument?docid=2324
        • New SURF certificates
        • Infrastructure deploied and/or migrated: Gitlab, EGI relay, CommsChallenge server
        Speakers: Baptiste Grenier (EGI.eu), Sven Gabriel (NIKHEF)
      • 2
        Monitoring + Vulnerablility Management

        Present the work done during the last months and the status of the project.

        Speaker: Daniel Kouril (CESNET)
      • 3
        Roles and responsibilities in IR

        REF: https://jira.egi.eu/browse/EGIIRTF-93

        Speaker: Daniel Kouril (CESNET)
      • 4
        Communication Challenges

        Discuss how non responsive/unreachable sites should be tracked in coordination with EGI Ops.

        Speaker: Pau Cutrina Vilalta
    • 10:30 AM
      Break
    • Status Update: Presentation
      • 5
        Review first 12 months of the TTT WG
        Speaker: Matt Doidge (Lancaster University)
      • 6
        Software vulnerability handling

        15 minute presentation on what we do and ideas, plus 15 mins + discussion
        Status of James Acris on actively sharing the work.

        Speaker: Linda Cornwall (STFC)
      • 7
        FedCloud Security
        Speaker: Baptiste Grenier (EGI.eu)
    • 12:30 PM
      Lunch
    • Tuesday session 3: Collaborations
      • 8
        Status of the collaboration with other communities
        • Presentation of SICURA-LAC and the possible collaborations that have been demonstrated with others such as LAC4.
        • What can we learn from the community that could be useful for EGI? i.e. experience with pDNSSOC, trainings, ...
        Speaker: Pau Cutrina Vilalta
      • 9
        Collaboration with VOs
        • Frequent call with VO representatives:
          - It could be a short call every three months (about 30 minutes) where incidents are presented, along with security news, followed by a presentation or discussion on a relevant topic, and concluding with a Q&A or feedback session.
        • VOs security policies and procedures:
          - CMS has developed a "User Account Suspension Policy/Procedure." Other VOs might have similar policies in place or may be interested in seeing how others handle it.
        • Security Survey/Checklist:
          - Coordinated with the VOs.
          - Assess needs and collaboration opportunities based on WLCG policies.
        • Newsletter and security updates
        Speakers: Jose Carlos Luna (CERN), Pau Cutrina Vilalta
    • 3:30 PM
      Break
    • Tuesday session 4: Initiatives
      • 10
        Training activities

        (EGI webinar, tCSC, EGI Conference etc.) - what are we planning?

        Speaker: Barbara Krasovec (JSI)
    • Wednesday session 1: Initiatives
      • 11
        Review: EGI Security Traceability and logging policy
        • Review of the policy.
        • Initiatives to improve compliance.
        Speakers: Barbara Krasovec (JSI), Pau Cutrina Vilalta
      • 12
        Incident Response Workshop Organization
        • Technical training and tool demonstrations.
        • Incident response exercises.
        • Define the scope, small sites vs mature admins
        Speakers: Jose Carlos Luna (CERN), Pau Cutrina Vilalta
    • 10:30 AM
      Break
    • Wednesday session 2
      • 13
        Security Service Challenge
        • Status update and next steps.
        Speaker: Sven Gabriel (NIKHEF)
      • 14
        Cross-Team monthly meeting
        Speaker: David Kelsey (STFC)
    • 12:30 PM
      Lunch
    • Wednesday session 3
      • 15
        Incident Response Debrief
        Speaker: Baptiste Grenier (EGI.eu)
    • 3:30 PM
      Break
    • Wednesday session 4: Summary
      • 16
        Summary and recap of actions
        • Show the actions pending of completition in Jira.
        • List all the actions that have been noted during the F2F discussions and create actionable tasks.
        Speaker: Pau Cutrina Vilalta
    • 17
      Joint session 1
      • How to be a CSIRT
    • 10:30 AM
      Break
    • 18
      Joint session 2
      • DRI update and shared activities
    • 12:30 PM
      Lunch | EGI/EOSC Close | UK Start
    • UK Security 1
      • 19
        IRIS CSIRT
      • 20
        Engagement, skills and training