Giters

gjmf / OSCRP

Open Science Cyberthreat Profile

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Open Science Cyber Risk Profile (OSCRP)

Welcome to OSCRP, a joint project of the Center for Trustworthy Scientific Cyberinfrastructure (CTSC), the NSF Cybersecurity Center of Excellence, and the Department of Energy's Energy Sciences Network (ESnet).

Over the course of 2016, the CTSC and ESnet collaborated with research and education community leaders to develop a “risk profile for open science” to formally capture and benchmark this expertise, allowing other organizations to apply these best practices more broadly. The risk profile is a categorization of scientific assets and their common risks to science to greatly expedite risk management for open science projects and improve their cybersecurity.

The risk profile is scoped to science projects that are “open,” that is unclassified. E.g. funded by NSF, DOE ASCR, NIH. (They may be under limited-time scientific embargo, however, and may include PHI, such as with NIH research).

We took an asset/impact-oriented approach. Explicitly, we were not concerned about threat actors or specific attack methods, but what assets open science projects have, what harms could befall those assets, and what the impacts from those harms would be to the project.

*“An asset/impact-oriented approach starts with the identification of impacts or consequences of concern and critical assets, possibly using the results of a mission or business impact analyses and identifying threat events that could lead to and/or threat sources that could seek those impacts or consequences.” (NIST Special Publication 800-30)

For assets that are commodity IT or for which a risk profile already exists, this effort references that profile and does not duplicate it, except where the “open science” aspect is in conflict with the existing risk profile.

Where can I find the OSCRP?

The latest version of the OSCRP may be found at https://trustedci.github.io/OSCRP/OSCRP.html

Published snapshots of the OSCRP include:

  • Peisert, Sean, Von Welch, Andrew Adams, RuthAnne Bevier, Michael Dopheide, Rich LeDuc, Pascal Meunier, Steve Schwab, and Karen Stocks. 2017. Open Science Cyber Risk Profile (OSCRP), Version 1.2. March 2017. http://hdl.handle.net/2022/21259

What is an asset?

“Assets” are computing systems, data storage systems, networking, digital sensors, scientific and other advanced instruments, scientific data, personnel, and an interoperable suite of software services and tools, including data repositories, visualization environments, and analytic environments. Assets also include the computer-controlled, network-connected elements of physical plants responsible for the safety and security of these systems, such as power and HVAC.

Working Group

Core members:
RuthAnne Bevier, Caltech
Rich LeDuc, Northwestern
Pascal Meunier, HUBzero
Steve Schwab, ISI
Karen Stocks, UCSD

Contributing members:
Ilkay Altintas, SDSC
James Cuff, Harvard
Warren Raquel, NCSA/UIUC
Reagan Moore, iRods

Organizers

Sean Peisert
Von Welch
Andrew Adams
Michael Dopheide
Susan Sons (former)

Questions?

Contact us by emailing oscrp@trustedci.org.

CTSC Logo LBNL Logo ESnet Logo

About

Open Science Cyberthreat Profile

Languages

Language:CSS 66.8%Language:JavaScript 23.6%Language:Ruby 6.3%Language:HTML 3.3%