Security Policy Update Mike Stanfield OSG Security Team OSG - - PowerPoint PPT Presentation

▶

Apr 19, 2023 13 likes •114 views

Security Policy Update Mike Stanfield OSG Security Team OSG Council Face-to-Face October 11 th , 2019 OSG Security Team Security Team Members: Susan Sons, CACR Indiana University Adrian Crenshaw, CACR Indiana University Josh Drake,

SLIDE 1

Security Policy Update

Mike Stanfield OSG Security Team OSG Council Face-to-Face October 11th, 2019

SLIDE 2

11 October 2019 | OSG Council Face-to-Face

OSG Security Team

Security Team Members:

Susan Sons, CACR Indiana University
Adrian Crenshaw, CACR Indiana University
Josh Drake, CACR Indiana University
Zalak Shah, CACR Indiana University
Mike Stanfield, CACR Indiana University

SLIDE 3

11 October 2019 | OSG Council Face-to-Face

Policy Updates

SLIDE 4

11 October 2019 | OSG Council Face-to-Face

Why are we updating policies?

IRIS-HEP Deliverable:

− Realign the OSG Cybersecurity Program

with the Open Science Cybersecurity Framework

Step one is a refresh of the OSG

Security policies

SLIDE 5

11 October 2019 | OSG Council Face-to-Face

Updated Policies

Master Information Security Policy

& Procedures

Incident Response Policies &

Procedures

Service Container Security Policy

SLIDE 6

11 October 2019 | OSG Council Face-to-Face

Master Information Security Policy & Procedures

Describes the roles and priorities of

the Security team.

Defines security expectations of

OSG staff and users.

Moved exception management

into a single source of truth.

Greatly reduced size (~10 pages).

https://drive.google.com/file/d/1BfZb3il57Wn1NVnnLzvOCCHFOLhiI1-L/view?usp=sharing

SLIDE 7

11 October 2019 | OSG Council Face-to-Face

Incident Response Policies & Procedures

Explicitly defining the process the

OSG Security team uses during an incident.

Tested via a tabletop exercise,

gaps identified and addressed.

Tested recently again during an

incident (2019-10-03_001).

− Some minor adjustments still to be

made.

https://drive.google.com/file/d/1radhu-qz8sNSWuEkL5Ykrx8-huUup844/view?usp=sharing

SLIDE 8

11 October 2019 | OSG Council Face-to-Face

Service Container Security Policy

Addressing a need within OSG and

the larger community.

Defines how we handle creation

and validation of service containers.

Recently shared with EGI

− Any WLCG container policies will use

this as a starting point.

https://drive.google.com/open?id=1yKjSSAIlHMeRxEAN45ltki1z_BBZbaaq

SLIDE 9

11 October 2019 | OSG Council Face-to-Face

Evolving policies

These policy documents are in a

draft state (but are nearly final).

Policy shouldn’t be stagnant -

should review at least annually.

Still waiting final ET approval:

please send us your feedback!

SLIDE 10

11 October 2019 | OSG Council Face-to-Face

Security Policy Update

OSG Security Team

Policy Updates

Why are we updating policies?

Security policies

Updated Policies

& Procedures

Procedures

Master Information Security Policy & Procedures

the Security team.

OSG staff and users.

into a single source of truth.

Incident Response Policies & Procedures

OSG Security team uses during an incident.

gaps identified and addressed.

incident (2019-10-03_001).

Service Container Security Policy

the larger community.

and validation of service containers.

Evolving policies

draft state (but are nearly final).

should review at least annually.

please send us your feedback!

Questions?