Security Incident Response Procedure
This page defines a temporary security incident response procedure for Grid sites at UKI Regional Operation Central (ROC). This procedure is based on JSPG's incident response policy and EGEE OSCT's incident response procedure. All Grid sites at UKI ROC should follow the procedure specified on this page to report any Grid-related security incidents. This document is intended for Grid site security contacts and site administrators. Please note: site security contacts and site administrators should also be familiar with and abide by their local incident response policy.
How to report a security incident to UKI ROC security contact?
When a security incident or suspected incident is discovered that relates to Grid resources, services or identity:
- Report it immediately to your local security contact AND to the UKI ROC security contact via security-officer@(NOSPAM)gridpp.ac.uk; if it is an extremely critical incident, please also copy the email to project-egee-security-csirts@(NOSPAM)cern.ch;
- Whenever possible, try to contain the incident with the help of your local security team. Please do NOT reboot or power off the system immediately. If no support is available promptly, you may isolate the compromised system from the network by unplugging the network cable connected to it;
- Assist your local security team and the UKI ROC Security Contact (reachable via security-officer@(NOSPAM)gridpp.ac.uk) to confirm the incident and then announce it to all sites via project-egee-security-csirts@(NOSPAM)cern.ch;
- Perform appropriate forensics and take necessary corrective actions with the help of your local security team and/or UKI ROC Security Contact.
- Perform post-incident analysis and, within 1 month of the incident, send an incident closure report to all Grid sites via project-egee-security-contacts@cern.ch, including lessons learnt and the resolution.
Last modified Mon 16 February 2009