20 March 2014

Cambridge, UK

There was a session dedicated to security related discussions at the 10th TF-NOC meeting on 20 March 2014 in Cambridge, UK. The invited speakers of the panel were:

  • James Davis, JANET (CISO)
  • Alf Moens, SURF (CISO)
  • Lionel Ferette (TF-CSIRT chair)
  • Brian Nisbet, HEAnet (TF-NOC)
  • and a representative of the UK National Crime Agency.

The panel concluded that network security issues are handled very well by the NOC. At the NREN level there seems to be a healthy relationship and regular communication (i.e. a clear escalation path) between the NOC and CSIRT teams. In most cases the CSIRT person is a member of the NOC team anyway. Information security areas other than network security are of much greater concern, including, e.g., staffing, customer services or finances.

The representative of the UK National Crime Agency emphasized the importance of notifying local law enforcement bodies (police) about security breaches. Even if no investigation is started immediately, collecting and analyzing information is important. In case of security incidents, collecting as much information as possible while at the same time not contaminating evidence is very difficult in IT. Sharing best practices in this field would be beneficial. It also turned out that although most of the NOCs have contacts with local police (e.g., JANET has an MoU signed with the UK Crime Agency), notifications are very rare. NOC personnel have to be trained on when and how law enforcement should be notified. The role of the CISO could be to oversee this procedure at the NREN level.

A need was identified to investigate whether specialized TRANSITS security training can be given to NOC personnel on legal/policy issues and the reporting of security breaches (including the collection and preservation of evidence). Lionel (TF-CSIRT chair) offered to invite TF-NOC participants to TF-CSIRT meetings.

The participants agreed that attracting the right people is difficult. We need both management awareness and identification of key personnel at NRENs. For raising management awareness, a CISO meeting will be organised at TNC2014.

Security and Trust

Alf Moens, SURF

24 February 2104

For some time a couple of NREN CISOs have been talking about setting up a CISO working party. At the moment it is unknown how many NRENs have a CISO or someone acting as a CISO. A couple of CISOs think it is useful for NREN CISOs to know each other and to start working together in addressing the many issues the NRENs and their constituents are facing now and in coming years.

The NRENs have been working together for more than twenty years, based on mutual trust. We are moving from networking to application services; we therefore need to define what the trust is based upon and how we can ensure that future cooperation can be achieved with the same or a higher level of trust.

Objectives (these can be ranked)

  • Build a community of NREN CISOs: This will speed up communication and the exchange of ideas and initiatives in quiet times and in times of crisis.
  • Share knowledge and experience
    • On strategic and tactical subjects concerning information security
    • On organizing information security for the NREN constituents
  • Develop strategies for addressing present and future threats
  • Develop a trust framework for NRENs, and their products and services, based upon international standards and good practices in some NRENs

Scope

The scope of the CISO working party is

  • the NRENs
  • the constituents of the NRENs, not individually but as a group
  • strategic and tactical aspects of information security and mutual trust

Subjects (to start with)

  • “inventory” of NREN CISOs: who-is-who, who are we missing?
  • inventory of local communities in security and privacy related to the NREN constituents. Combine the experiences of existing communities for drafting a best practice
  • Agree on Trust: What is mutual trust between NRENs based upon and how can this be secured in the future?
  • inventory of materials local communities have available
  • organisation of the working party: should it be a taskforce?

Some strategic subjects are already addressed in other taskforces

Liaison with

  • Incident response: TF-CSIRT
  • Product and service development: TF-MSP
  • Operations: TF-NOC
