Skip to end of metadata
Go to start of metadata

Date

Attendees

Agenda

  •  Mgr coordination (first this time)

    ·        Others besides SysOps and Security can drop off unless they are interested in the next items

  • Security incident involving SSO Hub outage

 

o   Review of NSF “suggestions” that came from John Towns

o   Final, final report preparation

o   Incident notification/escalation plan for security incidents including notifying NSF

o   Discussion about SSO hub and Duo multi-factor authentication (MFA)

·        Using cloud services for XSEDE Enterprise Services

o   Need a security standard and guidelines for housing an XES in the cloud

o   Planning a pilot project of having SSO backup in the AWS cloud using Univ of Illinois AWS contract

o   When/how/why to move a XES to the cloud

o   Is cloud usage for XES due to cost-savings, or other factors.

 

 

 

 

Discussion items

TimeItemWhoNotes
 Manager coordinationVictor

None

 

Security incident involving SSO Hub outage

Victor/Adam/Jim

o   Final, final report preparation for the incident at hand;  will be waiting on a report of discussion with PI

o   Discussed the NSF “suggestions” that came from John Towns email; security team saw this;

o   Discussion of XSEDE security incident notification/escalation plan for notifying NSF; This included a discussion of the definition of an “incident”; Jim drafted this for the PEP text

o   Discussion was had about the SSO hub and Duo multi-factor authentication (MFA). A recommendation is coming from XSEDE security to require 2FA for SSO hub.

·        Using cloud services for XSEDE Enterprise Services

o   Need a security standard and guidelines for housing an XES in the cloud

o   Planning a pilot project of having SSO backup in the AWS cloud using Univ of Illinois AWS contract

o   Need a plan to investigate and be able to answer: When/how/why to move a XES to the cloud

o   Question we need to answer: How long will it take to develop get a security standard and/or guideline (2 months)?

o   Another question: How long will it take to do the pilot evaluation and identify the issues, costs, etc.?

Action items

  •