Decisions:
Summary | Description |
---|---|
Conduct security review | See below |
Document lessons learned | See below |
Review services quarterly? | |
Changing access processes for services? | |

Action Items:
Summary | Description | Responsible | Due Date |
---|---|---|---|
XES Security audit (both cloud and non-cloud) | Check which services are deployed, how they are protected, etc. Verify security measures and documentation for other services | Cybersecurity | |
Follow up on other services (this may be included in item above) | What other services are vulnerable based on similar risks of the XDCDB - what was done with XDCDB and what else can be done going forward? | Cybersecurity/SysOps/RAS | |
Log lessons learned | Document lessons learned from this incident | Cybersecurity/SysOps/RAS | |
Identify downtime length | How much downtime (portal) (hrs) resulted from incident? | Cybersecurity/SysOps/RAS | Before IPR11 |
Prepare a report to NSF | Need to prepare a report for Bob and NSF | Cybersecurity | |
Security checklist | Have a recurring checklist for security items for XES - e.g., annual SP checklist | Cybersecurity/SysOps/RAS | |
Verify XOC information | Make sure XOC has everything they need as part of security incident playbook | Cybersecurity/SysOps | |

Notes/Discussion items:

Gary Rogers, Ester Soriano, Alexander Withers, Derek Simmel, Victor Hazlewood, Carman Hendricks, Rob Light

This is bare bones with respect to details. Those can be fleshed out later. We need to establish due dates for these items (except downtime length).

Details: