how to share best security practices
play

How to Share Best Security Practices Urpo Kaila, EUDAT Security - PowerPoint PPT Presentation

Oct 05, 2022 •363 likes •492 views

How to Share Best Security Practices Urpo Kaila, EUDAT Security Officer urpo.kaila@csc.fi, security@eudat.eu WISE W orkshop for I nformation S ecurity for E -infrastructures 2015-10-22, Barcelona This work is licensed under the Creative Commons

  1. How to Share Best Security Practices Urpo Kaila, EUDAT Security Officer urpo.kaila@csc.fi, security@eudat.eu WISE W orkshop for I nformation S ecurity for E -infrastructures 2015-10-22, Barcelona This work is licensed under the Creative Commons CC-BY 4.0 licence. Attribution: EUDAT – www.eudat.eu www.eudat.eu EUDAT receives funding from the European Union's Horizon 2020 programme - DG CONNECT e-Infrastructures. Contract No. 654065

  2. Standard Building Blocks of Information Security Several ¡ ¡frameworks ¡available ¡ ¡ Security ¡Reviews ¡ and ¡Tes9ng ¡ Security ¡and ¡Risk ¡ Governance ¡ ¡ ¡Management ¡ & ¡ITSM ¡ ¡ So<ware ¡and ¡Service ¡ Access ¡ Development ¡Security ¡ Controls ¡ ¡ Asset ¡Management ¡ C onfiden9ality ¡ I ntegrity ¡ A vailability ¡ Computer ¡Security ¡ Network ¡Security ¡ Opera9onal ¡Security ¡ Assets ¡-­‑> ¡Risks ¡-­‑> ¡Controls ¡-­‑> ¡Metrics ¡

  3. Different kind and levels of security skills IT Security Managers Directors Auditors Service Managers Programmers Administrators, IT - Support Operators Experts on Security Managers, Users technical security Operating Engineers

  4. Well known legacy professional security skills definitions and certifications Generic Security Management CISSP (ISC) ² CBK CISM ISACA COBIT GCED PECB GCIH … GSNA … Technical Security Vendor specific (includes security) SANS MTA CEH BoK RHCSE … …

  5. How do you measure security skills? By bragging? By experience? CV? By trainings obtained? By certifications achieved? Skills certifications are standard requirements in the private sector Obtaining and maintaining such certification is somewhat expensive A certification shows that a person knows at least the basics of the trade – it does not prove that the person is a senior professional, which requires more experience.

  6. A common problem with generic security skills and security guidelines It is difficult to apply them efficiently in your organisation Proceed from outlining to to implementation

  7. How can skills become practice? The principles and theoretical skills must be adapted in your context in an reasonable and in an efficient way Best practices should be implemented Definition (wikipedia): A best practice is a method that has consistently shown superior. Best practices are used to maintain quality and can be based on benchmarking. Best practices are a feature in many of accredited management standards.

  8. How could implementation be easier? Necessary prerequisites Skills Management support A plan with check-ups Leadership (it will not just happen) Share experiences on how to implement with your peers Also cover confidential/sensitive information Informal information often more crucial than formal documents Apply the House of Chatham rule One size does not fit all

  9. A successful track record I’ve had rewarding experiences in sharing best practices with Several government agencies • Private companies • NREN’s • Universities • Research infrastructures • It would probably have been extremely difficult for us to achieve ISO 27001 without sharing best practices earlier • The standards and frameworks tell you what to do • Best practices tells you, by examples, how to do it

  10. Methods of sharing best practices Articles, books Presentations Trainings Reviews and audits Guidelines Site visits Workshops Informal communication N.B. Everything does not need to be formalised, informal f2f meetings are also very valuable

  11. Suggestions for joint ISMS activities Joint skills transfer program on operational security A training kit for Site Security Officers A non-profit lightweight skills certification for Site- Security Officers A voluntary practice sharing program for Site visits for ISMS sharing Peer reviews/audits of ISMS Articles on current ISMS practices Develop a multilateral NDA covering all of above An effort to apply resources and funding for all above I personally volunteer to contribute if feasible

  12. Thank you! All comments are welcome to: urpo.kaila@csc.fi EUDAT related security incidents -> csirt@eudat.eu Other EUDAT security related -> security@eudat.eu www.eudat.eu

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security best practices for Security best practices for Apache web services Apache web services

Security best practices for Security best practices for Apache web services Apache web services

Security best practices for Security best practices for Apache web services Apache web services Agenda Security Advisories @ Apache Issues associated with the advisory process Apache CXF advisories + lessons learned

394 views • 28 slides
Welcome to WAPAs Technology and Security Symposium Mark A. Gabriel Administrator and CEO

Welcome to WAPAs Technology and Security Symposium Mark A. Gabriel Administrator and CEO

Welcome to WAPAs Technology and Security Symposium Mark A. Gabriel Administrator and CEO August 21, 2018 Goals for today Raise awareness Share leading practices Welcome to Tech &amp; Security Symposium 2 Risks and costs Risk =

243 views • 20 slides
AIT AIT Sha Share re Introduction and Background ED82.03: Principles and Practices of

AIT AIT Sha Share re Introduction and Background ED82.03: Principles and Practices of

AIT AIT Sha Share re Introduction and Background ED82.03: Principles and Practices of Sustainable Development Inter Semester 17 Prof. Sivanappan Kumar Vice President of Academic Affairs Asian Institute of Technology (AIT) PPSD

983 views • 46 slides
Overview Security Maintenance Practices and Principles Securing Operating Systems Patches,

Overview Security Maintenance Practices and Principles Securing Operating Systems Patches,

Overview Security Maintenance Practices and Principles Securing Operating Systems Patches, Fixes, Revisions Antivirus Software Post-Install Security Checklist: Windows/UNIX File System Security Issues Chapter 10 User

361 views • 8 slides
School Safety and Security Agenda 1. The Law and Training 2. Practices and Procedures 3.

School Safety and Security Agenda 1. The Law and Training 2. Practices and Procedures 3.

Berkeley Heights Public Schools School Safety and Security Agenda 1. The Law and Training 2. Practices and Procedures 3. Crisis Planning Committee 4. Physical Security School Security Drill Law This law requires: 1 Fire Drill per

294 views • 14 slides
Sagamore Council Join Scout leaders across the country to share best practices and new ideas!

Sagamore Council Join Scout leaders across the country to share best practices and new ideas!

2019 20 19 POP POPCORN KICK CORN KICKOFF OFF Sagamore Council Join Scout leaders across the country to share best practices and new ideas! Facebook.com/groups/TEPopcornCommunity ALL ALL VIDE VIDEOS OS IN IN THIS THIS PRE PRESE SENT

963 views • 35 slides
Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you

Digit Digital al Se Security y Training Be Best Practices A digital training brought to you by RSAT Security in partnership with Supreme Technologies Group. Topics Covered Week 5 Week 1 Social Media Introduction to Information Security

410 views • 19 slides
The safe share project John Chapman, Deputy head, information security, Jisc The safe share

The safe share project John Chapman, Deputy head, information security, Jisc The safe share

The safe share project John Chapman, Deputy head, information security, Jisc The safe share project What : a pilot project enabling the secure exchange of data collected by Government and the NHS using an encrypted overlay over the Janet

165 views • 14 slides
Best Practices in LDAP Security Andrew Findlay Skills 1st Ltd October 2011 What is

Best Practices in LDAP Security Andrew Findlay Skills 1st Ltd October 2011 What is

Best Practices in LDAP Security Andrew Findlay Skills 1st Ltd October 2011 What is &quot;Security&quot;? ISO/IEC 27000:2009 Information Security is... Confidentiality Integrity Availability And some other things Controls

236 views • 20 slides
Security Audit Principles and Practices Logging and auditing are two of the most unpleasant

Security Audit Principles and Practices Logging and auditing are two of the most unpleasant

Security Audit Principles and Practices Logging and auditing are two of the most unpleasant chores facing information security professionals. Chapter 11 tedious, time-consuming, boring Lecturer: Pei-yih Ting 1 Overview Configuring Logging

401 views • 7 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Miami Valley Council Join Scout leaders across the country to share best practices and new ideas!

Miami Valley Council Join Scout leaders across the country to share best practices and new ideas!

2019 POPCORN KICKOFF Miami Valley Council Join Scout leaders across the country to share best practices and new ideas! Facebook.com/groups/TEPopcornCommunity WHY DO WE DO THIS? https://www.youtube.com/watch?v=RsYY3uMkFwU&amp;t=2s 2 THANK YOU

326 views • 32 slides
Ergo Cup Competition Program Designed to Share , Showcase and Recognize Best Practices in

Ergo Cup Competition Program Designed to Share , Showcase and Recognize Best Practices in

Generating Enthusiasm for Innovative Ergonomics: The GE Ergo Cup Process GEs Internal Ergo Cup Competition Program Designed to Share , Showcase and Recognize Best Practices in Ergonomics Across GE Businesses 1 / GE Title or job number /

527 views • 14 slides
Public data: Supporting Midwifery Practices to Use and Share Outcomes BORN Conference 2019,

Public data: Supporting Midwifery Practices to Use and Share Outcomes BORN Conference 2019,

Public data: Supporting Midwifery Practices to Use and Share Outcomes BORN Conference 2019, Ottawa Vicki Van Wagner, RM, PhD Shawna DiFilippo, SM, MA Ryerson University, Toronto Midwives Collective of Toronto 1 Context Part of a larger

327 views • 28 slides
Chesapeake Bay Commission November 5, 2015 Virginia Agricultural Cost-Share Program 41

Chesapeake Bay Commission November 5, 2015 Virginia Agricultural Cost-Share Program 41

Chesapeake Bay Commission November 5, 2015 Virginia Agricultural Cost-Share Program 41 practices eligible for cost-share: standards and specs defined in the Virginia Cost Share Manual In recent years, total expenditures range between

284 views • 26 slides
Sharing and Comparing: Best Practices from Education &amp; Credentialing Contexts Tony Alpert,

Sharing and Comparing: Best Practices from Education &amp; Credentialing Contexts Tony Alpert,

Sharing and Comparing: Best Practices from Education &amp; Credentialing Contexts Tony Alpert, SBAC Wayne Camara, ACT Gregory J. Cizek, UNC Liberty Munson, Microsoft Jamie Mulkey (moderator), Caveon Why share? Best practices that should

1.05k views • 82 slides
Modern Discrete Probability I - Introduction (continued) Review of Markov chains S ebastien

Modern Discrete Probability I - Introduction (continued) Review of Markov chains S ebastien

Review of Markov chain theory Application to Gibbs sampling Modern Discrete Probability I - Introduction (continued) Review of Markov chains S ebastien Roch UWMadison Mathematics August 31, 2020 S ebastien Roch, UWMadison

1.04k views • 29 slides
New Skins for an Old Ceremony The Conformal Bootstrap and the Ising Model Sheer El-Showk

New Skins for an Old Ceremony The Conformal Bootstrap and the Ising Model Sheer El-Showk

New Skins for an Old Ceremony The Conformal Bootstrap and the Ising Model Sheer El-Showk Ecole Polytechnique &amp; CEA Saclay Based on: arXiv:1203.6064 with M. Paulos, D. Poland, S. Rychkov, D. Simmons-Duffin, A. Vichi

633 views • 41 slides
Markov Random Fields: Inference and Estimation SPiNCOM reading group April 24 th , 2017 Dimitris

Markov Random Fields: Inference and Estimation SPiNCOM reading group April 24 th , 2017 Dimitris

Markov Random Fields: Inference and Estimation SPiNCOM reading group April 24 th , 2017 Dimitris Berberidis Ack: Juan-Andres Bazerque 1 Probabilistic graphical models Set of random variables Graph represents joint Nodes

261 views • 23 slides
Probabilistic Graphical Models CMSC 678 UMBC Probabilistic Graphical Models A graph G that

Probabilistic Graphical Models CMSC 678 UMBC Probabilistic Graphical Models A graph G that

Probabilistic Graphical Models CMSC 678 UMBC Probabilistic Graphical Models A graph G that represents a probability distribution over random variables 1 , , Probabilistic Graphical Models A graph G that represents a

1.74k views • 129 slides
Report on SIG-ISM Peter Szegedi, GANT Association Last TF-NOC meeting in Cambridge How do

Report on SIG-ISM Peter Szegedi, GANT Association Last TF-NOC meeting in Cambridge How do

Report on SIG-ISM Peter Szegedi, GANT Association Last TF-NOC meeting in Cambridge How do we deal with NOC security incidents? Roundtable chaired by Jonny Lundin (NORDUnet) What does TF-CSIRT do (Lionel Ferette - remote)

115 views • 7 slides
Dust from AGBs and the ISM in the Early Universe Dust-catalyzed H 2 Formation Andy Liao, 4 th Year

Dust from AGBs and the ISM in the Early Universe Dust-catalyzed H 2 Formation Andy Liao, 4 th Year

Dust from AGBs and the ISM in the Early Universe Dust-catalyzed H 2 Formation Andy Liao, 4 th Year UG 1 Supervisor: Milos Milosavljevic 1 Graduate Supervisor: Chalence Safranek-Shrader 1 1 The University of Texas at Austin Undergraduate Research

202 views • 9 slides
Advanced Computer Graphics CS 563: Making Imperfect Shadow Maps View Adaptive Frederik

Advanced Computer Graphics CS 563: Making Imperfect Shadow Maps View Adaptive Frederik

Advanced Computer Graphics CS 563: Making Imperfect Shadow Maps View Adaptive Frederik Clinckemaillie Computer Science Dept. Worcester Polytechnic Institute (WPI) Background: Virtual Point Lights Simulates indirect illumination by creating

435 views • 30 slides
Galaxy Evolution interstellar matter (ISM) drives galaxy evolution, but SFR evolution driven

Galaxy Evolution interstellar matter (ISM) drives galaxy evolution, but SFR evolution driven

Galaxy Evolution interstellar matter (ISM) drives galaxy evolution, but SFR evolution driven by gas supply ?? starburst vs main sequence ?? need to measure the mass of ISM gas or dust CO / long dust em. w/ ALMA high J CO ??

416 views • 38 slides

More recommend