update on security policy
play

Update on Security Policy David Kelsey (RAL) 7 Mar 2010 Security - PowerPoint PPT Presentation

May 21, 2023 •121 likes •408 views

Update on Security Policy David Kelsey (RAL) 7 Mar 2010 Security Workshop @ ISGC 2010, Taipei david.kelsey at stfc.ac.uk Overview Why do we need security policies? Joint Security Policy Group (JSPG) Some history

  1. Update on Security Policy David Kelsey (RAL) 
 7 Mar 2010 
 Security Workshop @ ISGC 2010, Taipei david.kelsey at stfc.ac.uk

  2. Overview • Why do we need security policies? • Joint Security Policy Group (JSPG) – Some history – Interoperability • Overview of JSPG policies – Current status and recent work • The transition to EGI Kelsey, Security Policy 7 Mar 2010 2

  3. Why do we need security policies? • Management of IT security – Management of risk, balanced with availability of services • Perform a risk analysis – Need a Security Plan • to mitigate and manage the risks • Security Plan includes various “Controls” – Technical – Operational – Management • Security Policy is part of Management Controls (written documents) Kelsey, Security Policy 7 Mar 2010 3

  4. Trust is important • Trust is a relationship of reliance. A trusted party is presumed to seek to fulfill policies, ethical codes, law and their previous promises. (wikipedia) • Trust is a prediction of reliance on an action, based on what a party knows about the other party. Trust is a statement about what is otherwise unknown -- for example, because it is far away, cannot be verified, or is in the future. Kelsey, Security Policy 7 Mar 2010 4

  5. Joint Security Policy Group • This started as a WLCG activity in 2003 • In 2004, EGEE phase 1 started – JSPG remit expanded to cover both projects – Strong participation by OSG, NDGF, … • Revised mandate (2008) – http://www.jspg.org/ – prepares and maintains security policies for its primary stakeholders (EGEE and WLCG) – also able to provide policy advice on any security matter • Policies approved and adopted by Grid management • Now taking forward into EGI era (more later) Kelsey, Security Policy 7 Mar 2010 5

  6. Policy Interoperability • Wherever possible, JSPG aims to – prepare simple and general policies – applicable to the primary stakeholders, but – also of use to other Grid infrastructures (NGI's etc) • The adoption of common policies by multiple Grids eases the problems of interoperability (and scaling) • Users, VOs and Sites all accept the same policies during their (single) registration (with Grid or VO) • Other participants then know that their actions are already bound by the policies – No need for additional negotiation, registration or Kelsey, Security Policy 7 Mar 2010 6 agreement

  7. Overview of JSPG Policies Kelsey, Security Policy 7 Mar 2010 7

  8. Grid Security Policy • The main policy document • https://edms.cern.ch/document/ 428008/ • “…policy regulating those activities of Grid participants related to the security of Grid services and Grid resources.” Kelsey, Security Policy 7 Mar 2010 8

  9. Grid Security Policy (2) • Objectives – gives authority for actions • may be carried out by certain individuals and bodies – places responsibilities on all participants • Scope – This policy applies to all participants – Every site participating in the Grid autonomously owns and follows their own local security policies – This policy augments local policies by setting out additional Grid-specific requirements. Kelsey, Security Policy 7 Mar 2010 9

  10. Grid Security Policy (3) • Additional Policy documents – Appendix 1 defines additional policy documents – These must exist for a proper implementation of this policy • Roles and Responsibilities: Participants – Grid Management – Grid Security O ffj cer & Grid Security Operations – Virtual Organisation Management – Users – Site Management – Resource Administrators Kelsey, Security Policy 7 Mar 2010 10

  11. Grid Security Policy (4) • Limits to Compliance – Grid policies designed to be applied uniformly across all sites and VOs – exceptions may be made when required – must be justified in a document submitted to the Grid Security O ffj cer for authorisation – In exceptional circumstances it may be necessary for emergency action – the exception should be minimised, documented, time- limited and authorised at the highest level of the management commensurate with taking the emergency action promptly, and the details notified to the Grid Security O ffj cer at the earliest opportunity Kelsey, Security Policy 7 Mar 2010 11

  12. Grid Security Policy (5) • Sanctions – Sites or resource administrators who fail to comply may lose the right to have that service instance recognised by the Grid – Users who fail to comply may lose their right of access to and/or collaboration with the Grid • may be reported to their home institute • Or to appropriate law enforcement agencies – VOs which fail to comply may lose their right of access to and/or collaboration with the Grid • Including all their users Kelsey, Security Policy 7 Mar 2010 12

  13. JSPG Security Policies Security Incident Certification Traceability and 
 Response Authorities Logging Security Site & VO Grid & VO Policy Policies AUPs Pilot Jobs and 
 Accounting Data 
 VO Portals Privacy Kelsey, Security Policy 7 Mar 2010 13

  14. Recent JSPG work • JSPG membership expanded to include more NGIs (-> EGI era) – revise all policy documents to make simpler and more general Policies approved and adopted during the last year… • Virtual Organisation Registration Security Policy https://edms.cern.ch/document/573348/8 • Virtual Organisation Membership Management Policy https://edms.cern.ch/document/428034/3 • Grid Policy on the Handling of User-Level Job Accounting Data https://edms.cern.ch/document/855382/5 • VO Portal Policy https://edms.cern.ch/document/972973/6 • Security Incident Response Policy https://edms.cern.ch/document/428035/7 Kelsey, Security Policy 7 Mar 2010 14

  15. Revision to Grid AUP • http://www.jspg.org/wiki/ Grid_Acceptable_Use_Policy – Version 4.1 • Old policy document (V3.1 28 Oct 2005) – one of the early successes of JSPG – a simple common policy for use on several di fg erent interoperating Grids – AUP has to be accepted by all users during their (re)registration with their VO – Important for interoperation between Grids Kelsey, Security Policy 7 Mar 2010 15

  16. Grid AUP (2) • Many Grids and other computing infrastructures, e.g. DEISA, have since used this AUP • but needed to make small modifications • main aim of this revision – take these modifications into account – produce a new version to meet the needs of Grids using the policy Kelsey, Security Policy 7 Mar 2010 16

  17. Revision to Site Registration • http://www.jspg.org/wiki/ Site_Registration_Security_Policy – Version 3.1 • Old policy document (V2.0 16 Mar 2006) – contains many detailed registration procedures • These are too EGEE-specific • JSPG decided to remove these – change the focus of the document to be purely related to security policy issues – similar to the recently approved "Virtual Organisation Registration Security Policy“ • new document is now much shorter and simpler Kelsey, Security Policy 7 Mar 2010 17

  18. From EGEE to EGI Kelsey, Security Policy 7 Mar 2010 18

  19. Problems with current Policies • The complete revision during EGEE-III has been successful, however… • Still many di fg erent documents – Overlaps and inconsistencies • Includes operational issues as well as security-related issues • Participants find it di ffj cult to know which policy applies to them • Many policies are rather EGEE-specific Kelsey, Security Policy 7 Mar 2010 19

  20. Policy framework for EGI 
 - defining policy standards • A framework to enable interoperation of collaborating Grids – aimed at managing cross-Grid operational security risks • Identify policy components needed for trust between Grids • Not necessarily imposing a single policy for all – But Grids can use template policies if they wish • Presents the current set of JSPG policies – Taking high-level view to identify those components which are necessary • Other components are either too EGEE-specific or are operational rather than related to security – separate them Kelsey, Security Policy 7 Mar 2010 20

  21. Framework (2) • Specifies the issues that need to be addressed in a Grid's security policy • At this stage does not define minimum standards or requirements – Standards should come later Kelsey, Security Policy 7 Mar 2010 21

  22. Policy Framework: Participants Infrastructur Users Providers e Includes Includes • Grid users • Grid Sites Includes • VOs • Resource • Grid • Application Providers Operations Communities • Service • Security O ffj cer Providers, e.g. • Sec Operations VO running services 7 Mar 2010

  23. Policy Components Infrastructur Users Providers e Includes Includes • AUP • Traceability Includes • Traceability • Incident • Incident • VO Response Response Management • Access control • Vulnerability • Data protection • Registration Handling • Incident • etc • Patching response • Data protection • Registration • Registration • etc • etc 7 Mar 2010

  24. Security Policy Framework Infrastructur Users Providers e Incident Response 1 2 3 Traceability 4 5 6 Data Protection 7 8 9 etc etc etc 7 Mar 2010

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Security Classification Policy Implementation in Policing Update Helen Edwards Head of

Security Classification Policy Implementation in Policing Update Helen Edwards Head of

Security Classification Policy Implementation in Policing Update Helen Edwards Head of Information Management March 2013 1 New Security Classifications From April 2014, the Government security classifications are changing.

173 views • 13 slides
Security Policy Update Mike Stanfield OSG Security Team OSG Council Face-to-Face October 11 th ,

Security Policy Update Mike Stanfield OSG Security Team OSG Council Face-to-Face October 11 th ,

Security Policy Update Mike Stanfield OSG Security Team OSG Council Face-to-Face October 11 th , 2019 OSG Security Team Security Team Members: Susan Sons, CACR Indiana University Adrian Crenshaw, CACR Indiana University Josh Drake,

113 views • 10 slides
CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley

CSE 484 / CSE M 584 Computer Security: SQL, Wireshark, and Policy TA: Thomas Crosley tcrosley@cs SQL Review Structured Query Language (SQL) used to communicate with databases Standard SQL commands SELECT, INSERT, UPDATE, DELETE, DROP

771 views • 12 slides
AIST POLICY UPDATE 29 July 2020 SPEAKER: David Haynes, Senior Policy Manager, AIST Policy

AIST POLICY UPDATE 29 July 2020 SPEAKER: David Haynes, Senior Policy Manager, AIST Policy

AIST POLICY UPDATE 29 July 2020 SPEAKER: David Haynes, Senior Policy Manager, AIST Policy Update AGENDA CoVid measures Regulator update Policy landscape Joint letter APRA/ASIC Retirement Income Review Insurance in Super Code Royal

298 views • 18 slides
Update - Security Policies David Groep (Nikhef) EGI OMB 24 November 2016 www.egi.eu EGI-Engage

Update - Security Policies David Groep (Nikhef) EGI OMB 24 November 2016 www.egi.eu EGI-Engage

Update - Security Policies David Groep (Nikhef) EGI OMB 24 November 2016 www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 Refreshing the security policy suite

399 views • 15 slides
Pre-ICANN68 Policy Update Webinar 18 June 2020 | 1 Welcome to the Pre-ICANN68 Policy Update

Pre-ICANN68 Policy Update Webinar 18 June 2020 | 1 Welcome to the Pre-ICANN68 Policy Update

Pre-ICANN68 Policy Update Webinar 18 June 2020 | 1 Welcome to the Pre-ICANN68 Policy Update Webinar This is a text box caption to describe David Olive the photo to the left. Senior Vice President, Policy Development Support | 2

751 views • 41 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
ICANN Policy Update - Singapore Policy Department, June 2011 Goals for this session Update

ICANN Policy Update - Singapore Policy Department, June 2011 Goals for this session Update

ICANN Policy Update - Singapore Policy Department, June 2011 Goals for this session Update you on current Policy work and encourage you to participate Review policy issues to be discussed at the ICANN Singapore Meeting Inform you of

998 views • 80 slides
Document Hierarchy of Information Security Corporate Security Policy Policy General commitment

Document Hierarchy of Information Security Corporate Security Policy Policy General commitment

Document Hierarchy of Information Security Corporate Security Policy Policy General commitment to Information Security General commitment to Information Security Installation of CorpSec Enabling CSO Installing Information Security Standard

355 views • 8 slides
CI P Cyber Security Update CI P Cyber Security Update John Lim John Lim Consolidated Edison Co.

CI P Cyber Security Update CI P Cyber Security Update John Lim John Lim Consolidated Edison Co.

CI P Cyber Security Update CI P Cyber Security Update John Lim John Lim Consolidated Edison Co. of New York, Inc. December 1, 2010 1 Disclaim er Materials presented or discussed here are the presenters own and do not necessarily

451 views • 15 slides
Pre-ICANN57 Policy Update Webinar 20 October 2016 | 10 UTC & 19 UTC Welcome to the

Pre-ICANN57 Policy Update Webinar 20 October 2016 | 10 UTC & 19 UTC Welcome to the

Pre-ICANN57 Policy Update Webinar 20 October 2016 | 10 UTC & 19 UTC Welcome to the Pre-ICANN57 Policy Update Webinar David Olive Senior Vice President, Policy Development Support General Manager, ICANN Regional Headquarters Hub in

965 views • 78 slides
Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian

Complex Security Policy? A Longitudinal Analysis of Deployed Content Security Policies Sebastian Roth , Timothy Barron, Stefano Calzavara, Nick Nikiforakis & Ben Stock Network and Distributed System Security Symposium (NDSS '20) Cross-Site

878 views • 31 slides
Policy Development Process & Policy Update Newcomers Session - 11 Sep 2020 ORGANISED

Policy Development Process & Policy Update Newcomers Session - 11 Sep 2020 ORGANISED

Policy Development Process & Policy Update Newcomers Session - 11 Sep 2020 ORGANISED BY Policy Development Process & Policy Update Madhvi Gokool 11 SEPTEMBER 2020 Why should you care? Public IP Number Resources are The

566 views • 23 slides
Finance, Costing, & Audit Policy Update Co-Chairs: Michelle Bulls, NIH Office of Policy for

Finance, Costing, & Audit Policy Update Co-Chairs: Michelle Bulls, NIH Office of Policy for

Finance, Costing, & Audit Policy Update Co-Chairs: Michelle Bulls, NIH Office of Policy for Extramural Research Administration Jim Luther, Duke University January 10, 2020 Plenary Update GOALS To reduce administrative burden for

128 views • 12 slides
and Advocacy in Alaska Outline: Framing Food Security/Insecurity Food Security in Alaska

and Advocacy in Alaska Outline: Framing Food Security/Insecurity Food Security in Alaska

Anti-Hunger Policy and Advocacy in Alaska Outline: Framing Food Security/Insecurity Food Security in Alaska Federal Policy and Advocacy State Policy and Advocacy SNAP FINI Grant Useful Reports Policy

852 views • 12 slides
ICANN Policy Update Webinar Policy Department, 22 November 2010 Introduction David Olive 1

ICANN Policy Update Webinar Policy Department, 22 November 2010 Introduction David Olive 1

ICANN Policy Update Webinar Policy Department, 22 November 2010 Introduction David Olive 1 Goals for this session Update you on current Policy work and encourage you to participate Review issues to be discussed at the ICANN Meeting in

929 views • 65 slides
Netherlands Eric Lambermon EPCCS-Councilmeeting Stratford Upon Avon December 6, 2017

Netherlands Eric Lambermon EPCCS-Councilmeeting Stratford Upon Avon December 6, 2017

Netherlands Eric Lambermon EPCCS-Councilmeeting Stratford Upon Avon December 6, 2017 Demografics Population: 17.000.000 500 people per km 2 landsurface 9200 General Practitioners 1850 patients per GP 3-year training

309 views • 7 slides
+ Section 3 Threading and Locking + Definitions What is a thread? + Definitions What is a

+ Section 3 Threading and Locking + Definitions What is a thread? + Definitions What is a

+ Section 3 Threading and Locking + Definitions What is a thread? + Definitions What is a thread? A single flow of control with a process + Definitions What is a thread? A single flow of control with a process Why use threads? + Definitions

716 views • 26 slides
Outbound Changes and Issues Rohan Mahy rohan@ekabal.com Agreed Changes since -04 (1/2)

Outbound Changes and Issues Rohan Mahy rohan@ekabal.com Agreed Changes since -04 (1/2)

Outbound Changes and Issues Rohan Mahy rohan@ekabal.com Agreed Changes since -04 (1/2) Moved STUN to a separate section. Reference this section from within the relevant sections in the rest of the document. Add language clarifying

473 views • 13 slides
T HE high luminosity LHC upgrade aims at increasing the integrated luminosity of the LHC by a

T HE high luminosity LHC upgrade aims at increasing the integrated luminosity of the LHC by a

This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/TASC.2017.2651358, IEEE Transactions on Applied

248 views • 5 slides
Mobile Communications Mobile Communications Security Types of Attacks 802.11 Security

Mobile Communications Mobile Communications Security Types of Attacks 802.11 Security

Mobile Communications Mobile Communications Security Types of Attacks 802.11 Security Access Control Lists Access Control Lists GSM Security GSM Security WEP Authentication WPA/WPA2 Encryption 802.1X/EAP

536 views • 43 slides
Aim Increase the value of the public health practitioner professional workforce Objectives

Aim Increase the value of the public health practitioner professional workforce Objectives

Aim Increase the value of the public health practitioner professional workforce Objectives Sharing the importance and value of public health practitioners from an employers perspective Recognising assessors and verifiers as the

626 views • 6 slides
PKI based Access Control with Attribute on n users Application Profile (AP) cwr cwr cwr cwr

PKI based Access Control with Attribute on n users Application Profile (AP) cwr cwr cwr cwr

Visibl Card issuing Unive Foreign users Card e rsity holder Metho intern Data element Stude Staff Guest Unive Unive Other ds al nts admin admin rsity rsity s admin istrati istrati users consol depen istrati on on

407 views • 21 slides
Introduction to the course Information Security Daniel Bosk Department of Information Systems

Introduction to the course Information Security Daniel Bosk Department of Information Systems

Scope and aims Course structure and content overview Course content Assessment Introduction to the course Information Security Daniel Bosk Department of Information Systems and Technology Mid Sweden University, Sundsvall School of

801 views • 29 slides

More recommend