EGEE III Activities for the OSCT (TSA 1.4.1, 181 PM)

Monthly ROC status update:

• November 2008 (status of October 2008 activity)
• December 2008 (status of November 2008 activity)
• January 2009 (status of December 2008 activity)
• February 2009 (status of January 2009 activity)
• March 2009 (status of February 2009 activity)
• April 2009 (status of March 2009 activity)
• May 2009 (status of April 2009 activity)
• June 2009 (status of May 2009 activity)
• July 2009 (status of June 2009 activity)
• August 2009 (status of July 2009 activity)
• September 2009 (status of August 2009 activity)
• October 2009 (status of September 2009 activity)
• November 2009 (status of October 2009 activity)
• December 2009 (status of November 2009 activity)

Base activity for all ROCs 88 PM (8 PM per ROC)

• The workload should increase as EGI becomes closer and as the other activities mature
• Day-to-day issues
• OSCT-DC
• Issues detected by the monitoring tools
• Work in the region (challenges, local events, etc.)
• Contributions to JSPG
• Contributions to EGEE deliverables
• Meeting organisation
• EGI planning and organisation

Pan regional activities 103 PM?

• The workload should decrease as the activities mature

Monitoring - Estimated efforts: 38 PM?

The primary goal of the security tests is to achieve and keep a high level of overall security on the project level. Security monitoring will provide the project (or ROCs) with an overview of situation on sites. The ROC/project-level monitoring tools will run security-oriented tests utilizing the public interface of sites and make the results available to responsible people. The OSCT will primarily address monitoring performed from the project/ROC levels. Site-level security monitoring goes beyond the scope of the OSCT and currently is deemed as minor. Support for site level monitoring will be only limited and focused on cases having influence on the overall grid infrastructure. We prepared a document describing further information about how security probes will be integrated with the new Nagios infrastructure.

Incident response - Estimated efforts: 20 PM?

Training and dissemination - Estimated efforts: 35 PM?

To-do-list (training&dissemination)

• All contributing ROCs add input to Service Reference Cards;(note: we no longer use "Security recommendations for grid services") Please click here to find the detail topics each ROC has chosed:
• All contributing ROCs add input to http://t-security01.grid.sinica.edu.tw/index.html;
• To organise a security training workshop in each ROC, once per year; The following workshop is planned:
  

Contributing ROCs	Planned Date	Links	Complete	Comments
France	2nd April 2009	http://indico.in2p3.fr/conferenceDisplay.py?confId=1605	Yes	Participants are French site security contacts, the security officer of IN2P3 (French HEP research institution), the security officer from CNRS, probably somebody from CERT RENATER (French NREN), the French Grid CA representative, experts for some related fields (analyzing logs for example).
Asia Pacific	19th April 2009	http://event.twgrid.org/isgc2009/program.htm#EGEE2	Yes	training workshop proceed ISGC 2009
UKI	1st July 2009	http://hepwww.rl.ac.uk/sysman/June2009/agenda.html	Yes	One day security workshop held at RAL, UK. Participants are UK site administrators and managers. Apart from Grid security topics, two external speakers from OXcert and JANET CSIRT were invited to give talks on incident handling and collabration between Grid and CSIRTs
DECH	September 2009	http://www.fzk.de/gks09	Yes	Half day Security training incorporate into GridKa School from August 31 to September 4 2009, in Karlsruhe / Germany
Asia Pacific	7th March 2010	http://event.twgrid.org/isgc2010/program.html	No	One day security workshop before ISGC 2010

-- MingchaoMa - 19 June 2009

Global architecture security review: 5 PM?

Audit (VO scheduler, Web applications, etc.): 5 PM?

-- RomainWartel - 23 May 2008