Advanced notice :
We will be upgrading wiki.geant.org from the current version of Confluence Server to the current LTS version 8.5. During the maintenance window we expect that there will be an outage of 20 minutes.
Maintenance start time: 22/10/2024 16:00 UTC. Maintenance end time: 22/10/2024 18:00 UTC.
GÉANT Security and Privacy white paper:
| White paper |
|---|
GÉANT Security and Privacy activities White paper |
| Annexes (Action templates) |
|---|
| Annex 2: Firewall on Demand |
GN4-3 Security White Paper outline for download
We aim to provide guidance for security activities for GÉANT and th
e NRENs for the period of 2018 – 2022. In the GN3-4 Security White Paper, we will address some of the cybersecurity challenges of the NREN community, focussing on six main areas:
| Main themes | |
|---|---|
| Security Baselining for products, services and organisations | Agreed frameworks and guidelines, their applications, what they mean for the organisation, frameworks as a means to prove and improve mutual trust between organisations thru benchmarking and sharing, both organisational and technical |
| (Managed) Security products and services | Services delivered by NRENs or joint services delivered by GÉANT, for example Certificate Services (TCS, other), DDoS mitigation, (virtualised) Firewalling, and others. Research into the use of emerging technologies such as quantum cryptology and blockchain technologies. |
| Legal compliance (including privacy compliance) | EU and other regulations on security, privacy and data sharing, measures that need to be taken and implemented (GDPR[i], NIS Guideline, EIDAS, to mention a few), representing NRENs in influencing what the regulations will be about in the future |
| Management of risks | Identifying risks, risk management methods, risk registers, (cyber) threat assessments, threat intelligence sharing, sharing best practices |
| Training and awareness | Creating cyber security awareness culture, communicating risks, threats and their mitigation internally; specific training needs of the security officers, applying the newest training methods (online trainings, serious gaming, simulation) |
| Incident response, business continuity and crisis management | Addressing and managing security breaches and attacks not only on networks, but also on internal services, ways of dealing with unexpected threats, managing crises, preparing for the unexpected |
[i] In this paper, we will not discuss implementing GDPR compliance as the new GÉANT Task Force will be working on it.
Community Consultations
Community consultations are organised to:
- Collect feedback on the 6 main themes identified
- Collect specific ideas that could be included in the paper
- Rate the ideas suggested from the most to least urgent
The results of the community consultations:
| Consultation | Date, place | Results |
|---|---|---|
| SIG-ISM Security white paper consultation | 5 October, Brussels | SLIDES |
| Public Security white paper consultation (1) | 16 October, Online | SLIDES |
| Public Security white paper consultation (2) | 25 October, Online | SLIDES & additional proposals |
| Public Security white paper consultation (3) | 31 October, Online | Reference docs for the last consultation:
Consultation notes: |
| Joint results (ratings) | - | Security white paper brainstorm sessions results.xlsx (including 25 October) |
Authors
Alf Moens (SURFnet)
Sigita Jurkynaitė (GÉANT)