Services for the European Open Science Cloud

IT Security Management (ISM) in EOSC-hub: policies and global trust

When: 
Thursday, October 11, 2018 - 11:30 to 16:00
Description: 

The aims of IT Security Management (ISM) include the management of security risk, the maintenance of confidentiality, integrity and availability of services and data, the handling of security incidents, the prevention of incidents by handling vulnerabilities, and the definition of best practice together with appropriate dissemination and delivery of training courses. In the world of Open Science and in view of the ever-changing landscape of security threats on the Internet, ISM is an ongoing global challenge. Experience has shown that security and trust is best tackled in a collaborative way, especially as the Infrastructure security teams have to trust each other, to allow for the proper handling of those security incidents which spread between Infrastructures.

Learning goal: 

This talk will present the developments made by the EOSC-hub security team in 2018, including the work on harmonising EGI and EUDAT policies and procedures, in collaboration with the EU H2020 AARC2 project, and streamlining security policies within EOSC-hub.
In 2018, we have worked, for example, on a harmonised Acceptable Use Policy (AUP). This is important for collaboration between Infrastructures as a single common baseline AUP, shared between Infrastructures, makes user registration simpler. We have also worked on a GDPR policy framework to help tackle the issues of Data Privacy across the Infrastructures. The current status of the various security policies will be presented together with planned future work. To help address issues of security and trust between collaborating infrastructures across the world, the WISE (Wise Information Security for e-Infrastructures) Community was created back in 2015. This community has produced a number of documents and continues to be active in several areas related to ISM. This talk will also present recent work in WISE to build trust and define best practice, in working groups on Security for Collaborating Infrastructures, and on the security issues related to High Throughput Data transfers.

Venue: 

ISCTE, University of Lisbon

Address: 

Format: