Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014


Outline
- Input
  - FIM4R requirements
  - TNC2014 BoF, Romain Wartel
  - Security for Collaborating Infrastructures (SCI)
- Sir-T-Fi 1st meeting, 18 June 2014
- Mail list, wiki, document
- 2nd F2F meeting this week, Friday morning
26 Oct 14 SIRTFI, Kelsey 2

Federated IdM for Research (FIM4R)
- Includes photon & neutron facilities, social science & humanities, high energy physics, climate science, life sciences and ESA
- Aim: define common vision, requirements and best practices
- Vision and requirements paper published: https://cdsweb.cern.ch/record/1442597

FIM4R paper
Operational requirements include:
- Traceability. Identifying the cause of any security incident is essential for containment of its impact and to help prevent re-occurrence. The audit trail needs to include the federated IdPs.
- Appropriate Security Incident Response policies and procedures are required, which need to include all IdPs and SPs.

On the importance of Operational Security and Security policies
TNC2014, Dublin, 19-22 May 2014
R. Wartel, CERN


Investigating security incidents
- Understand the source of incidents to prevent re-occurrence
- Operational collaboration is the only way to do this
- Trust is a key component
- People need to trust that others have the means to:
  - Respond to email or phone, and will collaborate
  - Contact affected users under their governance
  - Deal with confidential information
  - Follow whatever incident response procedure is in place
  - etc.
  - Participate in incident response, all on a best effort basis
- Basically: behave as a responsible citizen
- Need common or compatible policies there

Wild West
- Impossible to impose practices on eduGAIN participants
- No minimal requirements for IdPs and SPs
- No requirement to help/share/respond during security incidents
- No process to make sure you will be informed of incidents, compromised IdPs, etc.
- No incident reporting channel
- No identity banning process

A global response to a global problem
- Many years of incident response experience
  - NRENs are good at handling compromised IPs
  - Infrastructures are good at handling compromised accounts
  - Complementary, valuable, actual operational experience
- To operate across federations, it is essential to have:
  - Strong operational collaboration
  - Common policy standards & minimal requirements
- SCI (Security for Collaborating Infrastructures) started this work
  - EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, and XSEDE
  - Discussions started to expand this work to federations
  - Goal: produce minimal requirements for eduGAIN IdPs & SPs
  - Experts from: eduGAIN, REFEDS, FIM4R, etc.

Security for Collaborating Infrastructures (SCI)
- A collaborative activity of information security officers from large-scale infrastructures: EGI, OSG, PRACE, EUDAT, CHAIN, WLCG, XSEDE
- Developed out of the EGEE security policy group
- We are developing a Trust framework to:
  - Enable interoperation (security teams)
  - Manage cross-infrastructure security risks
  - Develop policy standards, especially where not able to share identical security policies
- Version 1 of the SCI document: http://pos.sissa.it/archive/conferences/179/011/isgc%202013_011.pdf

SCI: areas addressed
- Operational Security
- Incident Response
- Traceability
- Participant Responsibilities
  - Individual users
  - Collections of users
  - Resource providers, service operators
- Legal issues and Management procedures
- Protection and processing of Personal Data / Personally Identifiable Information

Sir-T-Fi 1st Meeting
- A Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi)
- After discussions at TNC2014
- Meeting at TERENA offices, 18th June: David Groep, Leif Johansson, Dave Kelsey, Leif Nixon, Romain Wartel
- Remote: Tom Barton, Jim Basney, Jacob Farmer, Ann West
- Apologies from Ann Harding, Von Welch, Scott Koranda, Licia Florio, Nicole Harris

Meeting 18th June
- Discussed general aims and thoughts
- For now only address security incident response
- Assurance profile to meet requirements on incident response
  - Needs to be lightweight: IdPs self-assert
  - Federation Operators act as conduits of information from IdPs
- Need a flag of compliance (for relying parties)
  - In IdP metadata
  - Could be per user: use eduPersonAssurance or SAML AuthnContextClassRef in assertions from the IdP
- First modifications to SCI document: Operational Security, Incident Response and Traceability
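The compliance flag discussed on this slide, read by a relying party either from IdP metadata or per user from the assertion, as an added Python example (not code from the Sirtfi group or the page). It assumes the metadata flag travels in the assurance-certification entity attribute defined by the SAML V2.0 Identity Assurance Profiles, uses a constructed placeholder for the flag value, and uses the standard eduPersonAssurance OID for the per-user variant.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed carrier for the metadata flag: the assurance-certification entity
# attribute from the SAML V2.0 Identity Assurance Profiles. The flag value is a
# constructed placeholder; the real URI is whatever the framework adopts.
FLAG_NAME = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
FLAG_VALUE = "urn:example:sirtfi-compliant"
EPA_NAME = "urn:oid:1.3.6.1.4.1.5923.1.1.1.11"  # eduPersonAssurance OID

# Constructed sample aggregate: idp-a self-asserts the flag, idp-b does not.
METADATA = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}"
    xmlns:mdattr="{NS['mdattr']}" xmlns:saml="{NS['saml']}">
  <md:EntityDescriptor entityID="https://idp-a.example.org/idp">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="{FLAG_NAME}">
        <saml:AttributeValue>{FLAG_VALUE}</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://idp-b.example.org/idp"/>
</md:EntitiesDescriptor>"""

# Constructed sample assertion carrying the per-user variant of the flag.
ASSERTION = f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:AttributeStatement><saml:Attribute Name="{EPA_NAME}">
    <saml:AttributeValue>{FLAG_VALUE}</saml:AttributeValue>
  </saml:Attribute></saml:AttributeStatement>
</saml:Assertion>"""

def _values(attr):
    return {v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text}

def flagged_entities(metadata_xml, value=FLAG_VALUE):
    """entityIDs whose metadata carries the compliance flag (IdP-level check)."""
    root = ET.fromstring(metadata_xml)
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    return {ed.get("entityID")
            for ed in root.iter(f"{{{NS['md']}}}EntityDescriptor")
            for attr in ed.findall(path, NS)
            if attr.get("Name") == FLAG_NAME and value in _values(attr)}

def user_assurance(assertion_xml):
    """eduPersonAssurance values in one assertion (per-user variant)."""
    root = ET.fromstring(assertion_xml)
    return set().union(*(_values(a) for a in root.iter(f"{{{NS['saml']}}}Attribute")
                         if a.get("Name") == EPA_NAME))
```

Because IdPs self-assert, the metadata flag only carries trust when the relying party reads it from an aggregate signed by the federation operator that relayed it, not from metadata fetched directly from the IdP.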

Sir-T-Fi since June
- One phone/video meeting, 1st Oct
- Mail list: sirtfi@terena.org
- Wiki: https://refeds.terena.org/index.php/sirtfi
- Doc moved to Google Docs
- Document evolving; make public once we have a reasonable first draft

Some text from document
Abstract: The Sir-T-Fi group (Security Incident Response Trust Framework for Federated Identity) is a collaborative activity of information security professionals from national identity federations and distributed IT infrastructures in the research & education sector. Its aim is to simplify the management of cross-infrastructure operational security risks, to build trust and to develop policy standards for collaboration in security incident response.

Example Text (2)
Security Incident Response. Each Claims Processor must:
- [IR1] Provide security contact information for a contact who will respond in a timely manner according to current best practice, e.g. one working day.
- [IR2] Have an established Incident Response procedure. This must address: roles, authority, and responsibilities; identification and assessment of an incident; minimising damage; response and recovery strategies.
- [IR3] Have the ability and the willingness to collaborate in the handling of a security incident with affected Claims Processors.
- [IR4] Respect, and should use, the TLP (ref) information disclosure policy.

Next steps
- Sir-T-Fi meeting on Friday morning
  - How do we encourage deployment?
- ACAMP this week
- Input from others, e.g. http://www.cic.net/docs/default-source/technology/federated_security_incident_response.pdf
- EU H2020 AARC can provide test use cases
- Activity is very much open; people welcome to join
  - Ask Nicole Harris if you wish to join the mail list

Questions?