Salsa-CSI2 Call - July 31, 2008

*Minutes Salsa-CSI2 Conference Call*
*July 31, 2008*

***Attending***

Chris Misra, University of Massachusetts-Amherst (chair)
Phil Denault, Worcester Polytechnic Institute
Gabe Iovino, REN-ISAC
Doug Pearson, REN-ISAC/Indiana University
Joel Rosenblatt, Columbia University
Joe St. Sauver, University of Oregon/Internet2
Brian Smith-Sweeney, New York University
Wes Young, University of Buffalo
Steve Olshansky, Internet2
Dean Woodbeck, Internet2 (scribe)

***Action Items***
(AI) (Group) -- Review the current Security Event System (SES) document sent to the list by Wes Young. Also review the revised version, if that appears before the next call.

***Security Metrics***

Joel Rosenblatt reported on the security metrics working group, which has completed the ranking of metrics (the draft was emailed to the list). The working group rank-ordered the list of metric areas by a number of criteria: importance, potential for automation, not subjective, reasonable cost, and reproducible. The group also used these categories in the ranking list: incident, operational, compliance, executive. Some fall into multiple categories.

For the next phase, the working group has divided into four sub-groups, with each focusing on a
metric type (incident, operational, compliance, executive). The subgroups will take the top three metrics (by ranking) within their operational area and develop a format for the metric.

The planned deliverable is a cookbook that would spell out what is needed to build and implement the metric, as well as methods for diagnosing problems. The working group also wants to develop a benchmark process, in which schools begin running metrics and share the results in a way that is independent of specific systems and environments. He will report out on progress at the October EDUCAUSE meeting.

***Security Event System Project***

Wes Young sent two documents to the list for feedback. These are purposely over-broad and he is looking for feedback on the scope for the initial stages. He plans to create another proposal draft that is narrower, then more clearly define the first milestone with CSI2 and REN-ISAC.

Wes has also talked with Argonne National Lab (ANL), since they have a similar project underway. The ANL project, though, is closely tied to their internal process, making for some scaling issues. Wes and the ANL chief engineer plan to talk monthly, but at this point it is not a joint project.

(AI) The (group) is asked to review Wes’s current document, as well as the revised version, if it comes out prior to the next CSI2 call.

***Shifting Landscape***

Brian Smith-Sweeney reported that the first phase of this project – to develop a presentation together and achieve some resonance in the community – has been accomplished. The next phase includes writing a white paper and defining additional tangible deliverables. He is also looking for feedback on these next steps.

There was a discussion about moving people – particularly security responders – to move to more strategic thinking (as opposed to focusing on immediate problem-solving. Shifting landscapes include two broad categories: 1) paradigm shifts, in which a completely different technology emerges; and 2) smooth progressions, in which there is a next logical step from what is occurring now to what will be occurring next. The challenge for CSI2 is to determine where the working group should spend its time in this area.

Brian also reported that another published article concerning the shifting landscape will appear soon; he will share the article when it is published.

*CU-Spider*

SteveO reported that Cornell continues to work on the documentation. When that is complete, he will put CU-Spider up on the Internet2 server.

***Next call August 14, 2008, 2:00 p.m. (EST)***