- XES audits: Critical XSEDE Enterprise services (e.g., the User Portal, Single-Sign-On Hub, RT ticket system) are assessed by the security team against established security standards.
- Incident Response: The SecOps team is responsible for leading incident investigations, writing incident reports, and running incident response drills regularly.
- Security Reviews: The SecOps team with the XSEDE Security Working Group (XSWoG) performs reviews of new services in coordination with XCI or other partners bringing new services to XSEDE (e.g., Globus Online).
- Vulnerability Scanning: SecOps regularly scans important XES and works with the SysOps team to remediate high-priority vulnerabilities. SecOps also scans allocated resources and works with SP representatives on the XSWoG to resolve vulnerabilities.
- Policy Development: The Security Office with the XSWoG works to develop security and privacy policies and standards. They also contribute security language to other policies, such as the Acceptable Use Policy, as needed.
- Operational Tickets: The SecOps team responds to security tickets from users, most often related to certificate requests.
- Security Training: The XSO is responsible for developing and disseminating security training to new users. This includes maintaining the online training in CI Tutor, participating in the new user training at PEARC, and contributing to the SysOps training for XES operators.
- Risk Assessment: The XSO, with assistance from other SecOps team members, regularly updates a security risk assessment first created in 2012 for XSEDE.
SecOps Special Projects
In addition to these regular and ongoing activities, the SecOps team has several special initiatives. As of October 2017, these include:
- Federated Intel Sharing: Volunteering SPs are deploying the Science DMZ security appliance (SDAIA) to share intelligence on attackers in real time. This will begin by simply sharing the IPs of hosts blocked at participant organizations.
- XSWoG Restructuring: To make these meetings more efficient and to track tasks better, we are moving towards a JIRA Kanban board to track all the activities. Further, we are streamlining the meetings by moving XES vulnerability management to the new SecOps/SysOps coordination call. The new meeting format for this working group will start with new issues, review RT tickets, go over vulnerabilities discovered in allocatable resources, and end with a review and update of tickets in the Kanban board.
- Review of the Dec. 2016 Incident: As one year has nearly passed, we are reviewing all of the recommendations from the original report, checking on which ones have been addressed, and doing another incident response drill using the new tools deployed from those recommendations.
Non-SecOps Special Projects
In addition to the projects led by SecOps, there are often externally led projects in which the SecOps team participates. As of October 2017, these include:
- XSEDE Data Sharing and Privacy: XSEDE is looking for ways to more easily share its generated data with researchers. As part of this, the SecOps team has updated the XSEDE privacy and data sharing policy with a new draft for review, developed a document of XSEDE's PII, and identified current risks with PII. As appropriate, the XSO will also recommend data that cannot be shared or must be anonymized and how it can be sanitized.
- Training Accounts: The XSO has given recommendations and feedback on ways to improve the security of how training accounts are used within XSEDE.
- XSEDE Multi-factor Authentication: The SecOps team has always been a proponent of MFA within XSEDE and helped create requirements for the initial rollout. As XSEDE is exploring new MFA options to save money, the XSO is also giving recommendations and feedback.