Versions Compared

Old Version 5

changes.mady.by.user Unknown User (szegedi)

Saved on

compared with

New Version 6

changes.mady.by.user Unknown User (szegedi)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

This Wiki Space is for the TERENA Chief Information Security Officer (CISO) group initiative.

Meetings and minutes 

Dates and locations

1st NREN Chief Security Officers’ Meeting

2nd NREN Chief Security Officers’ Meeting

(warning) TERENA Technical Committee Meeting

TF-NOC/TF-CSIRT/CISO session at the TF-NOC Task Force meeting

TNC2014 - CISO Session

28 September 2012, Hotel Slon, Ljubljana, Slovenia

26 September 2013, London, UK

3 December 2013, on-line

20 March 2014, Cambridge, UK

19 May 2014, Dublin, Ireland

Other documentsDate
Alf Moens, SURF - Security and Trust

24 February 2104

1st NREN Chief Security Officers’ Meeting

...

Note
titleTERENA Techncal Committee Meeting

3 December 2013

Responding to the TAC request from June 2013, the CISO group reconvened as a side session at the TF-CSIRT meeting in London in September. Due to conflicting meetings, there were relatively few attendees at the session. The task of defining the role and profile of the Chief Information Security Officer was agreed and subsequently circulated on the mailing list.

It was pointed out at the CISO meeting that there was a general lack of awareness and commitment to the concept of security by NRENs and this awareness should be heightened, especially at the management level.

Action: 20131203-4 MN: Validate the CISO profile and role as formulated by the NREN CISO group and report this validation to the GA in Dublin

http://www.terena.org/about/ttc/minutes/TTCminutes-20131203.pdf

TF-NOC Task Force meeting

TF-NOC/TF-CSIRT/CISO Session

20 March 2014

Cambridge, UK

 

Security and Trust

Alf Moens, SURF

24 February 2104

For some time a couple of NREN CISO’s have been talking about setting up a CISO-working party. For this moment it is unknown how many NREN’s have a CISO or someone acting as a CISO. A couple of CISO’s think it is useful for NREN CISO’s to know each other and to start working together in addressing the many issues the NREN’s and their constituents are facing now and in coming years.

The NREN’s have been working together for more than twenty years, based on mutual trust. We are moving from networking to application services, we there fore need to define what the trust is based upon and how we can ensure future cooperation can be achieved with the same of higher level of trust.

Objectives (these can be ranked)

  • Build a community of NREN CISO’s: This will speed up communication and exchanging of ideas and initiatives in quiet times and in times of crises.
  • Share knowledge and experience
    • On strategic and tactical subjects concerning information security
    • On organizing information security for the NREN constituents
  • Develop strategies for addressing present and future threats
  • Develop a trust framework for NRENs, and their products and services, based upon international standards and good practices in some NRENS

Scope

The scope of the CISO working party is

  • the NRENs
  • the constituents of the NRENs, not individual but as a group
  • strategic and tactical on information security and mutual trust

Subjects (to start with)

  • “inventory” of NREN CISO’s: who-is-who, who are we missing?
  • inventory of local communities in security and privacy related to the NREN constituents. Combine the experiences of existing communities for drafting a best practice
  • Agree on Trust: What is mutual trust between NRENs based upon and how can this be secured in the future
  • inventory of materials local communities have available
  • organisation of the working party, should it be a taskforce?

Some strategic subjects are already addressed in other taskforces

Liaison with

  • Incident respons ic. 

...

  • TF-CSIRT
  • Product and service development: TF-MSP
  • Operations: TF-NOC

...