Presentation is loading. Please wait.

Presentation is loading. Please wait.

Federated Incident Response

Published byอัษรา พิศาลบุตร Modified over 5 years ago

Similar presentations

Presentation on theme: "Federated Incident Response"— Presentation transcript:

1 Federated Incident Response
Presented during InCommon CAMP (June 22, 2010). Jim Basney

2 Motivation Federated identity used for activities of consequence
Access to NSF cyberinfrastructure (TeraGrid, …) Access to wireless networks (eduroam, …) Access to federal grant management (NSF, NIH, …) Access to commercial services (Dreamspark, …) Effective security incident response in federated identity environments requires cross-organizational cooperation Prepare now – stay ahead of the curve Federated Incident Response

3 CIC IDM WG TeraGrid Pilot
Committee on Institutional Cooperation ( Consortium of Big Ten universities plus U Chicago U Nebraska joining July 2011 CIC Identity Management Working Group TeraGrid Pilot sub-group Co-chairs: Von Welch, Keith Wessel (Illinois) Active participants: Jim Basney (Illinois), Michael Grady (Illinois), Matt Kolb (Michigan State), Rob Stanfield (Purdue) Drafting a Federated IDM Security Incident Response Policy Federated Incident Response

4 Federated Incident Response Policy
Draft documents at Does not supplant existing local policies, but augments them Defines responsibilities and roles of identity providers, service providers, federation operators, and users Service providers have ultimate authority to protect and control access to their services Federated Incident Response

5 Security Incident Defined
An act of violating an explicit or implied security policy Examples Password theft Computer compromise Data privacy breach Federated Incident Response

6 Federated Incident Response Philosophy
“Do for others as you would do for yourself.” Treat a federated security incident like you would treat an internal security incident Promptly acknowledge incident reports Investigate incidents Notify affected parties when incidents are resolved Notify affected parties and share relevant information Service Providers Identity Providers Federation Operators Maintain the confidentiality of incident information Keep audit logs to facilitate incident investigation Federated Incident Response

7 Federated Incident Response Example
University Identity Provider + TeraGrid Service Provider TeraGrid discovers account misuse caused by compromise of federated identity Response process TeraGrid disables user accounts at TeraGrid sites TeraGrid contacts University University investigates, contacts user, resets user password, etc. University notifies TeraGrid when incident is resolved TeraGrid re-enables user accounts at TeraGrid sites Federated identity introduces need for coordination with home organization, rather than (just) direct interaction between TeraGrid security and TeraGrid users Federated Incident Response

8 Proposed InCommon Operational Changes
Add security incident response contact information to Participant Operational Practices (POP) documents InCommon metadata Security contact information can include URL for incident response practices/policies and public keys address Telephone number Federated Incident Response

9 For more information Federated Incident Response

Download ppt "Federated Incident Response"

Similar presentations

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.

Information Security Domains Computer Operations Security By: Shafi Alassmi Instructor: Francis G. Date: Sep 22, 2010.
HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.

HITECH ACT Privacy & Security Requirements Cathleen Casagrande Privacy Officer July 23, 2009.
Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,

Bronze and Silver Identity Assurance Profiles for Technical Implementers Tom Barton Senior Director for Integration University of Chicago Jim Green Manager,
Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.

Getting to Silver: Practical Matters for CIC Universities Tom Barton University of Chicago © 2009 The University of Chicago.
Federated Identity, Shibboleth, and InCommon Tom Barton University of Chicago © 2009 The University of Chicago.

Federated Identity, Shibboleth, and InCommon Tom Barton University of Chicago © 2009 The University of Chicago.
September 5, 2013 Southern Region Break-Out NAAA Annual Convention.

September 5, 2013 Southern Region Break-Out NAAA Annual Convention.
Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.

Federated Identity, Levels of Assurance, and the InCommon Silver Certification Jim Green Identity Management Academic Technology Services © Michigan State.
Data Management Awareness January 23, 2008 1 University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.

Data Management Awareness January 23, University of Michigan Administrative Information Services Data Management Awareness Unit Liaisons January.
Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.

Information Resources and Communications University of California, Office of the President Current Identity Management Initiatives at UC & Beyond: UCTrust.
Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?

Data Security At Cornell Steve Schuster. Questions I’d like to Answer ► Why do we care about data security? ► What are our biggest challenges at Cornell?
Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science Foundation.

Federated Access to US CyberInfrastructure Jim Basney CILogon This material is based upon work supported by the National Science Foundation.
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign InCommon and TeraGrid Campus Champions Jim Basney

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign InCommon and TeraGrid Campus Champions Jim Basney
TeraGrid Science Gateway AAAA Model: Implementation and Lessons Learned Jim Basney NCSA University of Illinois Von Welch Independent.

TeraGrid Science Gateway AAAA Model: Implementation and Lessons Learned Jim Basney NCSA University of Illinois Von Welch Independent.
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
October 2013. The Insider Financial Crime and Identity Theft Hacktivists Piracy Cyber Espionage and Sabotage.

October The Insider Financial Crime and Identity Theft Hacktivists Piracy Cyber Espionage and Sabotage.
National Center for Supercomputing Applications University of Illinois at Urbana-Champaign Federated Incident Response Jim Basney

National Center for Supercomputing Applications University of Illinois at Urbana-Champaign Federated Incident Response Jim Basney
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
(2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson,

(2011) Security Breach Compromises 75,000 Staff/Student Social Security Numbers Image from this Site Presenters: Aron Eisold, Matt Mickelson, Bryce Nelson,
General Awareness Training

General Awareness Training
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Similar presentations

Ads by Google