Tuesday, June 18, 2019

Trusted CI at the 2019 annual Great Plains Networks All-Hands Meeting May 21-23

Ishan Abhinit conducting log analysis exercise at GPN AHM 2019
Following on the successful workshops Trusted CI staff provided at the 2017 Great Plains Network All-Hands Meeting, The Trusted CI staff was invited back to the event in 2019 by GPN staff. Five members of the Trusted CI staff presented a series of three workshops from May 21st - 23rd at the 2019 Great Plains Networks All-Hands Meeting. The workshops covered log analysis, risk management for regulated data, and developing information security programs for research projects and facilities.

Building a NIST Risk Management Framework for HIPAA and FISMA Compliance - Wednesday, May 22 (Anurag Shankar & Ryan Kiser)
Anurag Shankar and Ryan Kiser led a workshop to prepare attendees to effectively leverage NIST’s risk management guidelines as a tool to address the increasingly heavy demands of regulated data on research workflows. They provided an overview of the requirements for handling different types of regulated data such as PHI and CUI as well as a unified risk-based methodology for adhering to these requirements.

Security Log Analysis - Wednesday, May 22 (Mark Krenz & Ishan Abhinit)
Mark Krenz and Ishan Abhinit presented a half day workshop on Security Log Analysis including a 45 minute exercise developed by fellow Trusted CI colleague Kay Avila. The hands on exercise involved performing analysis on an Apache web server log file to find attacks at 6 levels of difficulty. The workshop also covered important aspects of collecting, organizing and analyzing log files as well as provided specific techniques for finding different types of attacks. Real time polling was utilized as a method of helping enguage with attendees as well as gaining insight into community practices.

A Practical Cybersecurity Framework for Open Science Projects and Facilities- Thursday, May 23 (Bob Cowles)
Bob conducted a workshop to give attendees a foundation in what it means to have a basic, competent cybersecurity program for open science projects. In addition to lively discussion from the participants, the four pillars of the Trusted CI Framework were presented along with the sixteen “musts” that compose the core framework requirements. Participants were provided with the tools for building a cybersecurity program and encouraged to use a set of rational, evidence-based controls as a component of their program.
Left to right: Bob, Anurag, Ishan, Michael, Mark, Ryan

Attending the conference also allowed Trusted CI staff to meeting and provide less formalized cybersecurity discussion and consultation during social events at the conference. While visiting Kansas City, the Trusted CI team also had the opportunity to meet with Michael Grobe, who is a member of the distributed computing community and co-developer of Lynx, one of the first popular web browsers.

The materials presented by Trusted CI at the conference as well as others can be found on the Trusted CI website.