Speaker
Description
Many years ago, the Joint WLCG/OSG/EGEE security policy group successfully developed a suite of Security Policies for use by WLCG, EGEE, EGI and others. These in turn formed the basis of the AARC Policy Development Kit, published in 2019. Many infrastructures have since used the template policies in the AARC PDK but found they had to modify them to meet their needs. The Policy Templates are gradually being modified, taking feedback from others into account. The work on new template versions in the WISE Community Security for Collaborating Infrastructures working group was presented at ISGC2023. In future, work on this will continue in WISE but also be influenced by AARC TREE, the new EU Horizon Europe funded project presented in another abstract to this conference.
Standard best practice on the development and maintenance of a Cybersecurity Program includes the management of risks, the mitigations for which include the use of appropriate security controls. The use of Security Policies is one essential component of such controls. This is well described in the Trusted CI Framework and guidance published at https://www.trustedci.org/framework .
In WLCG, the IT infrastructure for the CERN Large Hadron Collider experiments, many of the security policies are now in need of update and revision. The work to use existing policy templates, and modify where necessary, for the update of WLCG security policies will be presented in this talk. This is essential for building trust within WLCG and also externally with other Infrastructures. All of this work will be fed back into discussions within WISE and AARC TREE to help produce new AARC policy templates.