Jun 19 – 25, 2022
Split, Croatia
Europe/Zagreb timezone

Academic programme

The school will focus on the theme of Security of research computing infrastructures. The complete programme will offer around 30 hours of lectures, workshops and hands-on exercises, as well as a student presentations session and special evening lectures. Classes are prepared and given by speakers who are security professionals with many years of experience in academia and research.

(Please note that this programme may be subject to minor changes.)

  • Introduction

    Security in research and scientific computing (1h introduction talk)
    by Stefan Lüders (CERN)

    • "why are we here?"
    • current risk landscape
    • most common threats and attack vectors

    Security operations (2h lectures)
    by Sven Gabriel (Nikhef, The Netherlands)

    • how security teams are structured, and operate
    • blue team vs. red team, bug bounty programs
    • asset management, resource lifetime
    • setting up a CSIRT
  • Track 1: Protection and prevention

    Identity, authentication, authorisation (1h lecture)
    by Hannah Short (CERN)

    • identity management and lifecycle
    • SSO, OpenID, multifactor authentication/2FA, OAuth, authentication tokens etc.
    • federated identities, identity assurance

    Security architecture (2h lectures and 1h exercises)
    by Barbara Krašovec (ISJ, Slovenia)

    • technical aspects of infrastructure security
    • OS security, configuration management
    • secure network design
    • virtualisation security

    Container security (1h lectures and 1h exercises)
    by Daniel Kouřil (CESNET, Czech Republic)

    • key concepts of containers (namespaces, cgroups etc.)
    • container as a common process in OS

    Vulnerability management (1h lecture)
    by Sven Gabriel (Nikhef, The Netherlands)

    • hardware, software and libraries
    • CVE, CVSS, CWE and related standards
    • vulnerability monitoring and scanning
    • responding to vulnerability advisories

    Application security and penetration testing (1h lecture and 2h exercises)
    by Sebastian Łopieński (CERN)

    • software and web application security
    • ethical hacking
    • introduction to pentesting
  • Track 2: Detection

    Logging and traceability (1h lecture)
    by David Crooks (UKRI-STFC, United Kingdom)

    • network and host-based monitoring
    • tools and technologies
    • data privacy, dealing with personal or sensitive data

    Intrusion detection with SOC (2h lectures and 3h exercises)
    by David Crooks (UKRI-STFC, United Kingdom)

    • indicators of compromise, threat intelligence sharing, Traffic Light Protocol (TLP)
    • tools and technologies
    • deploying a Security Operation Center
    • detecting security incidents
  • Track 3: Response

    Introduction to forensics (2h lecture and 3h exercises)
    by Daniel Kouřil (CESNET, Czech Republic)

    • how to start, what to do and not to do
    • initial analysis and data acquisition

    Incident response (2h lectures)
    by Romain Wartel (CERN)

    • incident management and coordination
    • Sirtfi and trust frameworks
    • communication with local users, external communities, and other stakeholders
    • working with law enforcement
    • privacy aspects

    Coordination of security incidents (3h role-playing exercise)
    by Romain Wartel (CERN)

    • basic forensics
    • incident response procedures
    • central coordination
    • collaboration between organizations
    • dealing with the media and law enforcement
  • Additional talks

    Special evening talk
    Ransomware - and much more!
    by Romain Wartel (CERN)

    TBC Special evening talk
    Future of the Universe and of Humanity
    by Ivica Puljak (University of Split, Croatia)

    Student lightning talks session