IRIS is STFC’s federated national digital research infrastructure program, enabling science activities supported by STFC. We have seen the threat of a cybersecurity attack against digital research infrastructures grow in recent years. This is now acute, evidenced by high profile attacks against the research and education sector in the last year. It is timely, therefore, to reflect on the development of the cybersecurity capabilities of IRIS.
We discuss the development of the IRIS security policy framework and the lessons learned about "bootstrapping" a new policy set. We also present the evolution of the IRIS operational security capabilities, and look at developments for the future. The current status of the IRIS AAI development, focussed on the IRIS IAM, will be addressed in a separate talk. Finally, we also discuss collaboration between several different projects where we are involved with trust, identity and security.