Advanced notice :
We will be upgrading wiki.geant.org from the current version of Confluence Server to the current LTS version 8.5. During the maintenance window we expect that there will be an outage of 20 minutes.
Maintenance start time: 22/10/2024 16:00 UTC. Maintenance end time: 22/10/2024 18:00 UTC.
We aim to provide guidance for security activities for GÉANT and the NRENs for the period of 2018 – 2022. In the GN3-4 Security White Paper, we will address some of the cybersecurity challenges of the NREN community, focussing on six main areas:
| Main themes | |
|---|---|
| Security Baselining for products, services and organisations | Agreed frameworks and guidelines, their applications, what they mean for the organisation, frameworks as a means to prove and improve mutual trust between organisations thru benchmarking and sharing, both organisational and technical |
| (Managed) Security products and services | Services delivered by NRENs or joint services delivered by GÉANT, for example Certificate Services (TCS, other), DDoS mitigation, (virtualised) Firewalling, and others. Research into the use of emerging technologies such as quantum cryptology and blockchain technologies. |
| Legal compliance (including privacy compliance) | EU and other regulations on security, privacy and data sharing, measures that need to be taken and implemented (GDPR[i], NIS Guideline, EIDAS, to mention a few), representing NRENs in influencing what the regulations will be about in the future |
| Management of risks | Identifying risks, risk management methods, risk registers, (cyber) threat assessments, threat intelligence sharing, sharing best practices |
| Training and awareness | Creating cyber security awareness culture, communicating risks, threats and their mitigation internally; specific training needs of the security officers, applying the newest training methods (online trainings, serious gaming, simulation) |
| Incident response, business continuity and crisis management | Addressing and managing security breaches and attacks not only on networks, but also on internal services, ways of dealing with unexpected threats, managing crises, preparing for the unexpected |
[i] In this paper, we will not discuss implementing GDPR compliance as the new GÉANT Task Force will be working on it.
Authors
Steve Kennett (Jisc)
Alf Moens (SURFnet)
Sigita Jurkynaitė (GÉANT)