This section provides an overview of the roles involved in the security of the EGI infrastructure.

NGI Security Officer

As documented in EGI Document 963: MS116 NGI International Task Review:

Description: NGIs contribute to software vulnerability assessment and to internal Computer Security Incident Response activities, and are responsible for appointing a security officer and providing security support to their Resource Centre administrators.

Assessment: The activities for this international task are focused both at a regional level and at the EGI level. At the regional level, the main activities are: to enforce the security policies and procedures and to handle the security issues, such as security incidents or software vulnerabilities. NGIs are also requested to participate in security related groups e.g. the security policy group.

Site Security Officer

As reflected in e-infrastructure Security Policy:

The Resource Centre Management must designate a Security contact point (person or team) that is willing and able to collaborate with affected participants in the management of security incidents and to take prompt action as necessary to safeguard services and resources during an incident.

The e-Infrastructure Security Officer and the CSIRT

As reflected in e-infrastructure Security Policy:

The EGI Management appoints a Security Officer who leads and coordinates the operational security capability (CSIRT). The Security Officer may, in consultation with the CSIRT, the Management and other appropriate persons, require actions by participants as are deemed necessary to protect the e-Infrastructure from or contain the spread of IT security incidents. The Security Officer also handles requests for exceptions to this policy.

EGI CSIRT IRTF

The CSIRT IRTF handles day to day operational security issues and coordinate Computer-Security-Incident-Response across the EGI infrastructure.

EGI SVG

The EGI Software Vulnerability Group (EGI SVG) aims at minimizing the risk of security incidents due to software vulnerabilities.

EGI SPG

The EGI Security Policy Group (EGI SPG) aims to provide policies that define the expected behaviour of sites and users to ensure a secure distributed computing infrastructure.