Versions Compared

Old Version 12

changes.mady.by.user Unknown User (szegedi)

Saved on

compared with

New Version 13

changes.mady.by.user Laura Durnford

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note
titleSecurity and Trust

Alf Moens, SURF

24 February 2104

For some time a couple of NREN CISO’s have been talking about setting up a CISO-working party. For this moment it is unknown how many NREN’s have a CISO or someone acting as a CISO. A couple of CISO’s think it is useful for NREN CISO’s to know each other and to start working together in addressing the many issues the NREN’s and their constituents are facing now and in coming years.

The NREN’s have been working together for more than twenty years, based on mutual trust. We are moving from networking to application services, we there fore need to define what the trust is based upon and how we can ensure future cooperation can be achieved with the same of higher level of trust.

Objectives (these can be ranked)

  • Build a community of NREN CISO’s: This will speed up communication and exchanging of ideas and initiatives in quiet times and in times of crises.
  • Share knowledge and experience
    • On strategic and tactical subjects concerning information security
    • On organizing information security for the NREN constituents
  • Develop strategies for addressing present and future threats
  • Develop a trust framework for NRENs, and their products and services, based upon international standards and good practices in some NRENS

Scope

The scope of the CISO working party is

  • the NRENs
  • the constituents of the NRENs, not individual but as a group
  • strategic and tactical on information security and mutual trust

Subjects (to start with)

  • “inventory” of NREN CISO’s: who-is-who, who are we missing?
  • inventory of local communities in security and privacy related to the NREN constituents. Combine the experiences of existing communities for drafting a best practice
  • Agree on Trust: What is mutual trust between NRENs based upon and how can this be secured in the future
  • inventory of materials local communities have available
  • organisation of the working party, should it be a taskforce?

Some strategic subjects are already addressed in other taskforces

Liaison with

  • Incident respons ic.  TF-CSIRT
  • Product and service development: TF-MSP
  • Operations: TF-NOC
  • External relations - TF-CPR