Speakers
Description
4. Conclusions / Future plans
The approach is pragmatic because it focuses on results and is iterative. We work on both technical and organisational sides by checking the vulnerability risk assessment of software and auditing operational guidelines for the use of the grid. Achievement of security objectives is measured against the standard ISO27000s.
That will lead us to get a formal estimation of the level of maturity for integrated security one could expect from EGEE resources.
3. Impact
This activity is complementary to the other activity dealing with security in EGEE.
In fact, EGEE Grid Security provides the suckle for security (operational management tools and security infrastructure), and ISSEG focuses on practical expertise on the deployment of integrated site security; our activity, as described above, aims at providing assessment. The activity will produce feedback for those projects.
Finally, the ISMS (Information Security Management System) deployment task will be made simpler to security manager who are dealing with EGEE-grid.
1. Short overview
AUVERGRID is developing an activity in the field of security management which aims at answering the question of many grid users and administrators:
«How much can I trust EGEE security features and services?”.
Our goal is to provide a formal response to site security managers, and grid users.
Provide a set of generic keywords that define your contribution (e.g. Data Management, Workflows, High Energy Physics)
Grid security, security risk mitigation, authenticity, secure access, authorization