Trusted CI began its partnership with SGCI about three years ago. The partnership has developed into two main functions: to provide specialized engagements to gateway developers and operators seeking cybersecurity support, and to present on relevant cybersecurity topics during SGCI focus weeks (formerly called "bootcamps") and related events.
Trusted CI Engagements with Science Gateways
Below are a few examples of Trusted CI's contributions to science gateways- GISandbox: Reviewed their operational security and science gateway code
- 'Ike Wai: Reviewed their identity and access management (IAM) implementation
- EarthCube Data Discovery Studio: Reviewed the security of the project server and website
- UC SanDiego's BRAIN Lab: Advised on using the cloud storage service, Box, for one of their projects
- The Rolling Deck to Repository (R2R): Presented best practices in transferring and archiving data
- SeedMeLab: Advised the project on using software penetration testing
- cloudperm: Trusted CI has written an app that checks permissions on Google documents to identify potential sensitive material accessible to the public. This scan has been used by SGCI to review its own documents.
Resources offered by Trusted CI include:
- Developing a Cybersecurity Program: a tractable method to build policies and procedures for cyberinfrastructure
- Cybersecurity checkups: a tailored approach to accessing the maturity of a security program
- Identity and Access Management: a collection of resources to improve authentication and authorization
- Open Science Cyber Risk Profile: Providing risk profiles for common scientific assets.
- Training: providing training on cybersecurity via Science Gateway focus weeks and webinars
- Providing advice to the SGCI team on protecting their own internal information assets.
Upcoming events
The next SGCI focus week is September 9 - 13 in Chicago, IL. According to the website, a few spots are still available.The Gateways 2019 Conference is September 23 - 25 in San Diego, CA.