Subject | Target group |
Laws & Regulations (privacy, data protection, export) | Systems management, users |
Secure Software development | User, user coordinator, contractor |
System hardening | System admin, network engineering |
System operations | System admin, network engineering |
Monitoring and logging | System admin, network engineering, response teams |
Forensics | Response teams |
Incident respons and analysis | Response teams |
Contigency planning and disaster recovery | Management, governance, admin, user coordinator, response team |
Organisation, roles, responsibilities (generic introduction) | All |
AAI proces and procedures, FIM, SSO | System admin, user coordinator |
Systems design | Architect, network engineer |
General use and awareness | Users, user coordinator, all |
Developing and maintaining policies and procedures | Management, governance |
Applying policies and procedures | Architect, system admin, user coodinator |
System acquisition | Acquistion |
Decommissioning (data leakage prevention) | Admins, governance, user coordinator |
Risk management |
Laws & Regulations (privacy, data protection, export)
Secure Software development
Training withing this group should focus on all the aspects related to software programming from the security point of view. It should include integrating security practices into the software development lifecycle and verifying the security of internally developed applications before they are deployed. This will help to mitigate risk from internal and external sources. Security practices which should be included are: design, construction, testing, release, and response.
One of the important steps in secure development is integrating testing tools and services into the software development lifecycle. The training could describe or train on tools allowing developers to model an application, scan the code, check the quality and ensure that it meets regulations. Furthermore, automated secure development testing tools that find and fix security issues could be elaborated.
Additionally secure development trainings could be offered certifying experience in secure development.
See e.g.: http://www.sans.org/curricula/secure-software-development
System hardening
Any system providing ressources to the outside world is on risk to be hacked. Often simple security tools are installed and used by default like local firewalls, virus scanner etc., but even with these security measures in place, computers are often still vulnerable to outside access. System hardening, also called Operating System hardening, helps minimize these security vulnerabilities.
The trainings offered should provide detailed trainning on those tasks eliminating as many security risks as possible. The trainings should include e.g. technics to check for non-essential software programs which can be removed from the system, since they could provide "back-door" access to the system. Guest accounts should be closed, alternate boot devices disabled, only secure passwords allowed, no remote root access, monitoring of unauthorized access attempts, etc.
System operations
Training should focus on providing secure services to the user community. This includes but is not limited to secure authentication and authorization practices, recognizing breaches, scanning for vulnerabilities, change management, patching, logging, intrusion detection, incident response, disaster recovery, and forensic practices.
Service lifecycle and secure practices during of each stage should be covered in-depth. These stages include requirement gathering, technology investigation, development, testing, deployment, production operation and retirement. It should also cover transitioning between stages.
Monitoring and logging
Monitoring and logging are the essential components which allow to track system events in their historical order. Without monitoring you are not able to be aware of any events going on in your system. Having found suspicious system behaviour must ultimately lead to further investigations, which normally are able only if extended logging has been done continuously.
The training will/should provide an overview about available monitoring and logging tools, central system logging and techniques used to analyse those combined loggings. Only centralized logging helps to combine system and network activities and get a comprehensive look on the overall attack.
Forensics
Forensic scientists collect, preserve, and analyze scientific evidence during the course of an investigation. Forensics includes but is not limited to system and user behaviour, file system content, communication patterns etc. There are a lot of techniques and tools out there, which can help to investigate on an suspicious activity within the system. The trainings should help system and network admins to doing their day to day business with the safeness on board to being wapponed against threads coming from the outside world.
Incident response and analysis
Any outward facing service provides a potential attack surface. Incidents should be expected by users, administrators and response teams. Proper response and analysis is critical to reduce continued risk. All levels of an E-Infrastructure should know exactly how to handle an incident. This starts with what to do with the service in question to preserve important forensic information, who to contact in event of a breach or attack, how to limit unfavorable consequences, and how to notify the community of the incident. This will also include contacting collaborating E-Infrastructures to be sure they are not also affected by the breach or attack.
Training should focus on properly handling security events.