EGI-CSIRT Critical Vulnerability Operational Procedure

Permalink:

https://documents.egi.eu/document/283

Document #:

EGI-doc-283-v9

Document type:

Other

Submitted by:

Linda Cornwall

Updated by:

Linda Cornwall

Document Created:

15 Dec 2010, 14:36

Contents Revised:

26 Jan 2012, 16:47

Metadata Revised:

02 Nov 2015, 12:32

Abstract:

New version of the procedure can be found under: https://wiki.egi.eu/wiki/SEC03

In order to prevent incidents, it is important to ensure that operational action is taken in a timely manner when a security problem has been found and a solution identified. A critical security problem is one where it is considered that urgent action needs to be taken, in order for both individual sites and the infrastructure as a whole to be secure. The most common type of critical security problem is where a software vulnerability has been found, and assessed as ‘critical’.
After a problem has been assessed as critical, and a solution is available then sites are required to take action. This document primarily defines the procedure from this time, where sites are asked to take action, and what steps are taken if they do not respond or do not take action.
If a site fails to take action, this may lead to site suspension by removing the site from the resource information system as defined in appropriate policy documents.

Files in Document:

• EGI-CSIRT-Procedure-CriticalSecurity-V8.doc (250.0 kB)
• EGI-CSIRT-Procedure-CriticalSecurity-V8.pdf (330.7 kB)

Topics:

• EGI
• EGI.eu
• Activities:Security
• Activities:Operations

Authors:

• Linda Cornwall

Keywords:

Critical Operational Security

Referenced by:

• EGI-doc-649: MS412 - Operational Security Procedures