Thursday, November 13, 2014

Cybersecurity at SC14

CTSC team members will be participating in a variety of activities at SC14 that are open to any attendee.

On Tuesday from 2-4pm, Von Welch is organizing a MAGIC meeting in room 204 focusing on international issues in identity management. Speakers include Ann West on “InCommon and International Interfederation”, Harold Teunissen providing an update on identity management in the EU, Tom Barton on “Federated Security Incident Response”, and Nick Jones providing an update on identity management in New Zealand.

On Tuesday from 4-4:30pm, Von Welch will be in the Indiana University booth (1339) presenting on "Cybersecurity for Science."

On Wednesday from 3-4pm and Thursday from 1-2pm, join Adam Slagell and Jim Basney in the NCSA booth (1621) for an informal discussion of cybersecurity at NCSA, including the activities of the Bro Network Security Monitor and CILogon federated identity management projects.

Feel free to contact any CTSC team member directly to chat as well.

Tuesday, November 4, 2014

New CTSC Cybersecurity Plan published

About a year ago, CTSC published its own cybersecurity plan. As part of that plan, the plan itself receives an annual review. That review has been completed, and version 2.0 of the plan and its supporting documents have been published on CTSC's website. The supporting documents include an analysis via Attack Trees, a System Characterization, and a Threat Assessment.

While all of these documents received some updates, the updates in the main version 2.9 Policies and Procedures document were:
  • Minor changes for clarity.
  • Added clause that Google accounts used to access Google Drive are used exclusively by a CTSC staff member.
  • Added Section 6 on Revocation of Access.
  • Changed “private” information to “engagement-related” information.
  • Labeling of sensitive information only required “whenever feasible.”
  • Removed requirement for encryption of sensitive data at rest due to complexity of implementation in a group setting.
  • Added annual review of Google account and domain in which CTSC documents reside.
We've learned a lot about developing cybersecurity plans for NSF CI projects over the past two years, and when we revise the plan again in 2015, we will use our Guide to Developing Cybersecurity Programs for NSF Science and Engineering Projects as the basis.