Tuesday, August 25, 2015

Nice incident response case study by U. Michigan

The University of Michigan has published a nice case study on an incident with their social media early this month. Publishing case studies such as this are a good way to disseminate our experiences and learn from each other.

(Image credit: http://socialmedia.umich.edu/blog/hacked/)

Friday, August 14, 2015

Gemini and CTSC Collaborate on Intensive Cybercheckup

In June 2015, as a precursor to a forthcoming full engagement, Gemini Observatory and CTSC undertook a brief, but very intensive “cybercheckup”-style engagement. Using Indiana University’s REDCap service (https://redcap.uits.iu.edu/), CTSC has developed a questionnaire designed to gather key pieces of information regarding the information security program at large-scale NSF projects and facilities. Gemini personnel completed this questionnaire, and met with the CTSC engagement team on two occasions, to discuss the cybercheckup process and provide more detailed information. In early July, CTSC delivered a report to Gemini with recommendations for the Gemini information security program, prioritized by CTSC’s estimated cost and impact in implementing the recommendations. Following the NSF Cybersecurity Summit, we will sit down in person in Arlington  to review the report. Gemini and CTSC will use these results to structure and make the most of our Fall 2015 full engagement.
"I feel very fortunate to have the resources of CTSC available to Gemini Observatory as we develop a more mature, comprehensive "v2.0" cybersecurity program. The breadth and depth of knowledge and experience that the CTSC team has contributed thus far is vast, and has been key in gaining budgetary and Directorate support for cybersecurity initiatives.” -- Tim Minick, Information Technology Services Manager, Gemini Observatory
CTSC thanks Gemini for the effort and openness required to make this kind of activity valuable.  

Wednesday, August 12, 2015

October 2015 WISE Workshop

Operators of scientific cyberinfrastructure (CI) and National Research and Education Networks (NRENs) will be meeting October 20-22 in Barcelona to discuss security collaboration at the WISE Workshop ("Wise Information Security for collaborating E-infrastructures"). Participants will discuss evaluating the maturity of security operations using frameworks such as ISO 27000, the Trust Framework for Security Collaboration among Infrastructures (SCI), and the CTSC Guide. Also, participants will discuss security incident handling, including the Security Incident Response Trust Framework for Federated Identity (Sirtfi). Please consider joining us at the workshop. It will be a particularly valuable opportunity for security staff supporting international scientific collaborations to interact with their European counterparts. Registration is now open. If you have any comments, including topics you would like CTSC staff to raise at the workshop, please join the CTSC discussion list or contact CTSC directly.