Science Gateway Community Institute
Trusted CI has entered into a collaboration with the Science Gateway Community Institute (SGCI). Funded by NSF, the SGCI provides services, resources, community support, and education to those seeking to create and sustain science gateways -- online interfaces that give researchers, educators, and students easy access to specialized, shared resources that are specific to a science or engineering discipline.
Through SGCI’s Incubator program, Trusted CI offers specialized engagements, or consultations, to science gateway developers and operators seeking cybersecurity support. Additionally, Trusted CI presents on relevant cybersecurity topics during SGCI’s focus weeks (formerly called “bootcamps”).
Resources offered by Trusted CI include:
Developing a Cybersecurity Program: a tractable method to build policies and procedures for cyberinfrastructure
Cybersecurity checkups: a tailored approach to accessing the maturity of a security program
Identity and Access Management: a collection of resources to improve authentication and authorization
Open Science Cyber Risk Profile: providing risk profiles for common scientific assets
Training: providing training on cybersecurity via Science Gateway focus weeks and webinars
Providing advice to the SGCI team on protecting their own internal information assets.
Interested science gateway developers and operators interested in obtaining help with cybersecurity should contact SGCI at: https://sciencegateways.org/consulting/work-with-us.
Engagements
Below are a few examples of Trusted CI's contributions to science gateways
GISandbox: Reviewed their operational security and science gateway code
'Ike Wai: Reviewed their identity and access management (IAM) implementation
EarthCube Data Discovery Studio: Reviewed the security of the project server and website
UC SanDiego's BRAIN Lab: Advised on using the cloud storage service, Box, for one of their projects
The Rolling Deck to Repository (R2R): Presented best practices in transferring and archiving data
SeedMeLab: Advised the project on using software penetration testing
cloudperm: Trusted CI has written an app that checks permissions on Google documents to identify potential sensitive material accessible to the public. This scan has been used by SGCI to review its own documents.
Events
The SGCI focus week is now a virtual event. Sign up for their newsletter for upcoming dates.