...

Meeting 8 July 16 - what about using the words "flexible and adaptive".

Adam - Can you give an example of being flexible to a changing threat environment or a process that is not?

[OS4]

The capability to detect possible intrusions and protect the infrastructure against significant and immediate threats on the infrastructure.

...

Meeting 8 July 16 - Alf - Good to describe best practices and things that have been found to work. DaveK - main thrust is to gather evidence that an infrastructure has addressed the issue.

Adam - I find this far too broad to be useful. You could monitor syslogs, but have no host-based IDS on endpoints. You could monitor networks, but not host-data. You could monitor border traffic, but not internal. You could monitor central services run by the infrastructures, but the service operators at independent organizations vary. You might be able to detect brute-force SSH attempts, but not other scans. I imagine what is considered IDS by CERN vs. EGI is very different, too. I would consider scoping this to particular threats or changing it to something about maintaining the log records necessary to investigate an intrusion.


[OS5]

The capability to regulate the access of authenticated users.

...