Security issues
http://opensource.ieee.org/groups/technical-advisory-group/security/-/issues
2022-03-03T19:26:45Z

Potential Resources for Policy Guideline Creation
http://opensource.ieee.org/technical-advisory-group/security/about/-/issues/8
2022-03-03T19:26:45Z
Beth Hancock

Howdy all!
@raul , @mbingham3 and I worked through the topics for suggested best practices in today's Security meeting and gathered some potential resources. Please take a look at these possibilities, give feedback, express concerns, and/or add your own in the comments.
Many thanks!
~Beth
@minhdtran
* [Information, Host, and Network Marking Requirements](https://purplesec.us/network-security-policies/)
* [Host Security Control Requirements](https://csguide.cs.princeton.edu/security/host)
* [Network Security Control Requirements](https://www.algosec.com/resources/security-policy/#:~:text=A%20network%20security%20policy%20delineates,implemented%20throughout%20the%20network%20architecture)
* [Monitoring and Alert Management](https://www.cde.state.co.us/dataprivacyandsecurity/securitymonitoringpolicy)
* [Internet and Intranet Access](https://studylib.net/doc/7547922/intranet-and-internet-security-policy)
* Authorization and Access Controls
  * [First](https://www.cloudflare.com/learning/access-management/what-is-access-control/)
  * [Second](https://www.helpnetsecurity.com/2018/07/31/access-control-best-practices/)
* [Data backup and Restoration](https://www.isaca.org/resources/isaca-journal/past-issues/2012/database-backup-and-recovery-best-practices)
* [Encryption Technology](https://cgnet.com/blog/what-are-some-encryption-best-practices/)
* [Move/Add Change Management](https://www.itsm.info/ITSM%20Change%20Management%20Best%20Practices.pdf)
* [Auditing Function](https://www.dnsstuff.com/it-security-audit)
* [Physical Security](https://www.cisa.gov/sites/default/files/publications/isc-planning-managing-physical-security-resources-dec-2015-508.pdf)
* [Accountability and Responsibility](https://www.isaca.org/resources/isaca-journal/issues/2019/volume-5/accountability-for-information-security-roles-and-responsibilities-part-1)

2022-03-17

Create a standard QA Checklist for Updates
http://opensource.ieee.org/technical-advisory-group/security/meetings/-/issues/2
2022-03-03T14:37:23Z
Beth Hancock

Create a standard QA checklist for updates to any parallel version of the Community platform.
This would be an additional tool available to the wider community and to communities that support a parallel installation of the tools. This will probably be a multi-meeting effort.

Work up definitions for Components in section 1 b of the Primer ToC
http://opensource.ieee.org/technical-advisory-group/security/about/-/issues/7
2022-02-17T20:00:46Z
Beth Hancock

Stephen Cicirelli will work up a series of definitions for the components in the Community Security Primer
b. Components
* Firewalls
* Certificate Authorities
* Encryption Standards
* Authentication Mechanism
* Remote Access Services
* Intrusion Detection/response
* Logging/Audit

Create IEEE SA OPEN Platform Primer
http://opensource.ieee.org/technical-advisory-group/security/about/-/issues/2
2022-02-03T18:46:51Z
Beth Hancock
Melissa Bingham

Define Security Subgroup Purpose
http://opensource.ieee.org/technical-advisory-group/security/meetings/-/issues/1
2021-06-24T17:54:04Z
Beth Hancock

**Estimated time:** 25-35 mins
**Draft Purpose Statement:** The Security group defines best practices for protecting the IEEE SA OPEN platform, as well as advising project and group maintainers on best practices for their projects