Policy Framework

From JSPGwiki

A Security Policy Framework for Collaborating Grids.

Policy items:

  1. Registration
  2. Incident Response
  3. Traceability
  4. Personal Data Protection
  5. Monitoring & auditing (policy compliance)
  6. Vulnerability management - Patching (sub-component)
  7. Choice of security software (authn technology for example)
  8. IPR
  9. Liability
  10. Access Control
  11. Operational Responsiveness
  12. Behaviour/Good citizenship (operational quality?)
  13. Protection of user/application data
  14. Legal compliance
  15. Change management, risk assessment
  16. Best practice


Collaborating infrastructures should implement a security policy framework aimed at managing cross-infrastructure operational security risks by addressing all of the following areas:

Operational Security

The management of risk is fundamental to the operation of any infrastructure. Identifying the cause of incidents is essential to prevent them from recurring. In addition, it is a goal to contain the impact of an incident while keeping services operational. For the response to an incident to be acceptable, it needs to be commensurate with the scale of the problem. It is essential to be able to understand the cause and to fix any problems before re-enabling access for the user.

A collaborating infrastructure must provide the following:

  • The capability to identify and contact authenticated users, service and resource providers of the infrastructure.
  • A documented and publicly available process to manage vulnerabilities (including reporting and disclosure) in any software distributed within the infrastructure.
  • The capability to protect the infrastructure against significant and immediate threats posed by any service or resource provider of the infrastructure.
  • The capability to enforce the regulation of security policies, including powers to require actions as deemed necessary to protect resources from or contain the spread of an incident.
  • A process that ensures that security patches are applied in a timely manner.
  • A documented escalation procedure to handle policy violations in the infrastructure.
  • The capability to apply fine-grained controls in order to regulate the access of authenticated users.

Incident Response

A collaborating infrastructure must provide the following:

  • Sufficient means to ensure all security incidents are appropriately handled
  • The capability to collaborate in a timely manner, during the handling of a security incident, with affected service and resource providers, communities, and infrastructures
  • Assurance that information obtained during collaborative investigations will only be shared with trusted security teams on a need-to-know basis, and will not be redistributed further without prior approval.
  • A public webpage containing contact details to report and discuss security incidents
  • An incident response procedure. This document must be publicly available and must ensure that security incidents are assigned a unique identifier

Traceability

The aim is to be able to answer the basic questions who, what, where, and when concerning any incident. This requires retaining all relevant information, including timestamps and the digital identity of the user, sufficient to answer those questions for each service instance and for every security event, including at least the following: connect, authenticate, authorize (including identity changes) and disconnect.

A collaborating infrastructure must provide the following:

  • Traceability of service usage, by the production and retention of appropriate logging data, to identify the source of all actions as defined above
  • A specification of the minimum data retention period, consistent with local and international regulations


User Responsibilities

A collaborating Grid must provide the following components:

  • An Acceptable Use Policy (AUP) by which end users of its resources must agree to abide, describing the responsibilities of the user in maintaining a secure environment and in collaborating with grid security operations when needed
  • Traceability and logging requirements to be used in identifying the source of security incidents and the identity of the individual(s) involved.
  • A documented escalation procedure to ensure that any participating user posing a threat to the rest of the infrastructure, or not following its AUP, is temporarily suspended
  • A process to manage the authorisation of individuals and/or groups (e.g. virtual organisations), including a description of the purpose and scope of their intended use of Grid resources. The process should cover at least the following: registration, removal, suspension, authorisation and the mechanism in place to contact any end user for administrative or security purposes

Site/Resource Provider/Service Provider Responsibilities

A collaborating Grid must provide the following components:

  • A process to register sites and record and maintain contact information for at least one manager and a security contact
  • A set of requirements and responsibilities on sites to meet the operational security and data handling components (see elsewhere), including at least
    • data protection/handling
    • patching of software
    • traceability and logging
    • security incident response
    • access control and Grid-wide authentication and authorisation (do we need to define interoperable security middleware somewhere?)


Data Protection

A collaborating Grid must provide the following components:

  • A classification of data including at least public and confidential
  • For confidential data, a process for handling this so that only authorised access is allowed
    • including confidentiality of logged information
  • A process for handling data marked as confidential by a collaborating Grid
  • A procedure for dealing with any exposure of confidential data
  • A policy and procedures for the handling of personal data that comply with Data Protection laws both inside the Grid and in any collaborating Grid with which personal data is exchanged

Exclusions

We have considered and deliberately excluded: IPR, liability, software licensing, copyright.