Child pages
  • 20191205- Discussion about the recent XDCDB incident
Skip to end of metadata
Go to start of metadata

Decisions:

 Summary

Description

 Conduct security reviewSee below
Document lessons learnedSee below
Review services quarterly?
Changing access processes for services?





Action Items:

Summary
Description
Responsible
Due Date

XES Security audit (both cloud and non-cloud)

Check what services deployed, how protected, etc. Verify security measures and documentation for other services

Cybersecurity


Follow up on other services (this may be included in item above)

What other services are vulnerable based on similar risks of the XDCDB - what was done with XDCDB and what else can be done going forward?

Cybersecurity/SysOps/RAS

 
Log lessons learnedDocument lessons learned from this incident

Cybersecurity/SysOps/RAS


Identify downtime lengthHow much downtime (portal) (hrs) resulted from incident?Cybersecurity/SysOps/RASBefore IPR11
Prepare a report to NSFNeed to prepare a report for Bob and NSFCybersecurity
Security checklistHave a recurring checklist for security items for XES - e.g., annual SP checklistCybersecurity/SysOps/RAS
Verify XOC informationMake sure XOC has everything they need as part of security incident playbookCybersecurity/SysOps

 

Notes/ Discussion items: Gary Rogers Ester Soriano Alexander Withers Derek Simmel Victor Hazlewood Carman Hendricks Rob Light This is bare bones with respect to details. Those can be fleshed out later. We need to establish due dates for these items (except downtime length).

Details:

 

 

  • No labels