Security work in TERENA mainly relates to the activities carried in the Computer Security Incident Response Teams (CSIRTs). Authentication and Authorisation is dealt with in TF-EMC2.
A Chief Security Officer is usually a senior level executive within an organisation responsible for information security. This may include systems, network and data security; incident response and handling; regulatory compliance; risk management; and disaster recovery. They are commonplace in medium-to-large commercial companies, and are increasingly employed in government and other types of organisation. However, the concept is relatively unknown within the research and education community, and very few NRENs appear to have a designated CSO.
Since 2003, TACAR (TERENA Academic CA Repository) offers a trustworthy solution to the problem of downloading root CA certificates. The problem that TACAR addresses is the use of Public Key Infrastructures (PKI) and how to get the appropriate root CA certificates needed by browsers in a practical and cost-effective manner. A possible solution that can be applied within the TERENA community is the provision of a trusted repository which contains verified root CA certificates.
Computer security incidents require fast and effective responses from the organisations concerned. Computer Security Incident Response Teams (CSIRTs) are therefore responsible for receiving and reviewing incident reports, and responding to them as appropriate. TF-CSIRT is a task force that promotes collaboration and coordination between CSIRTs in Europe and neigbouring regions, whilst liaising with relevant organisations at the global level and in other regions.
TRANSITS provides affordable, high-quality training to both new and experienced Computer Security and Incident Response Team (CSIRT) personnel, as well as individuals with a bona-fide interest in establishing a CSIRT. TERENA runs regular training courses within Europe on a cost recovery basis, with financial support from ENISA. The course materials may also be licensed to those wishing to organise their own TRANSITS training courses.
In Europe joint CSIRT activities are undertaken within a cooperative body called TF-CSIRT. To cooperate efficiently and swiftly when security incidents occur, a certain level of mutual trust is needed between CSIRTs. An important pre-requisite for mutual trust is shared and accurate operational knowledge about one another. The TI accreditation service is meant to do just that: facilitate trust by formally accrediting CSIRTs that are ready to take that step.