ProjectDeliverable

D9.1ProjectQualityPlan

ProjectNumber 700692ProjectTitle DiSIEM–Diversity-enhancementsforSIEMsProgramme H2020-DS-04-2015Deliverabletype OtherDisseminationlevel PUSubmissiondate 30thNovember2016Responsiblepartner FFCULEditor AlyssonBessaniRevision 1.0

The DiSIEM project has received funding from the European Union’s Horizon 2020researchandinnovationprogrammeundergrantagreementNo700692.

D9.1

2

EditorAlyssonBessani,FFCULContributorsAlyssonBessani,FFCULAnaRespício,FFCULCagatayTurkay,City

D9.1

3

ExecutiveSummaryThisdeliverableshowshowqualityaspectsaretakenintoaccountinavarietyofactivitieswithintheDiSIEMproject.

• QualityPlanningrefers toqualitypolicies forexecutingmany importantprojectactivitiessuchasmeetings,deliverablesandpublications;

• QualityAssuranceinvolvestheestablishmentofmechanismstoassesstheprogress and quality of activities executed through the project (e.g.,InterimManagementReports,regulartelephoneconferences);

• QualityControlfocusesonfeedbackthroughinternalprocesses(internalreviewprocess)aswellasexternaladvisors(AdvisoryBoard).

All partners share responsibilities for quality planning, assurance and control,contributingthustoanintegratedviewofthequalityissuesoftheproject.Note: The material here presented updates and further details many of theprojectimplementationideaspresentedintheprojectproposalandinthepartBofANNEX1oftheGrantAgreement.

D9.1

4

TableofContents1 Introduction...................................................................................................................................71.1 OrganizationoftheDocument......................................................................................7

2 QualityPlanning...........................................................................................................................82.1 Newparticipantsontheproject...................................................................................82.2 VisualidentityofDiSIEM.................................................................................................82.3 ProjectPolicies.....................................................................................................................92.3.1 Meetings.........................................................................................................................92.3.2 Deliverables...............................................................................................................102.3.3 PublishingScientificPapers................................................................................112.3.4 PublishingOpen-SourceSoftware...................................................................12

3 QualityAssurance.....................................................................................................................133.1 InterimManagementReports(IMR).......................................................................133.2 ResponsibilitiesandInternalReview.....................................................................143.3 Tele-ConferenceandMeetings...................................................................................15

4 QualityControl...........................................................................................................................164.1 InternalReviewProcessofDeliverables...............................................................164.2 AdvisoryBoard.................................................................................................................174.3 RiskManagement.............................................................................................................18

5 SummaryandConclusions...................................................................................................19

D9.1

5

ListofFiguresFigure1DiSIEMlogoandvisualidentity..................................................................................9

D9.1

6

ListofTablesTable1Exampleworkpackage(WP2)progressreportintheIMRM1-6..............13Table2AchievementsanddeviationstableontheIMR.................................................14Table3IMReffortmapfortheperiod(inthisexample,forM1-M6)........................14Table4InternaldeliverablereviewformofDiSIEM........................................................17

D9.1

7

1 IntroductionThisreportpresentsthequalityplanfortheDiSIEMproject.Thisqualityplanisbasedonthreephasesofthequalityprocess:planning,assuranceandcontrol.QualityPlanningreferstoqualitypoliciessuchastheproceduresfororganizingmeetings, producing deliverables or publication policies, the definition ofresponsibilities as well as the creation of a visual identity including a projectlogo,anddocumentandpresentationtemplatesetc.Quality Assurance defines the mechanisms and tools to monitor the project.This involves the establishment of Interim Management Reports, clearresponsibilitiesandregularface-to-facemeetingsandtele-conferences.Quality Control focuses on feedback through internal processes (internalreviewprocess)andexternaladvisors(AdvisoryBoard).Itfurthermonitorshowfeedback is implemented and assures the project outcomes through proactiveriskmanagement.Withthesemechanismsweexpecttodetectpotentialriskstotheprojectasearlyaspossibleandintroducemitigationactionsforensuringtheplannedmilestonesand,ultimately,theobjectivesoftheDiSIEMprojectareachieved.

1.1 OrganizationoftheDocumentThedocumentisorganizedfollowingthethreephasesofourqualityprocesses:Chapter 2 describes the quality planning, Chapter 3 describes the qualityassurance and Chapter 4 describes the quality controlmechanisms of DiSIEM.Chapter5concludesthereportwithsummaryandconclusions.

D9.1

8

2 QualityPlanningTheestablishmentofwell-definedpoliciesandproceduresforthemainactivitiesof the project is themain purpose of the quality planning. In this chapterwedefine, among other things, procedures for adding new participants to theproject, for organizing meetings, for preparing deliverables and publishingpapersbasedonworkdoneintheproject.

2.1 NewparticipantsontheprojectInordertoaddaparticipanttotheproject,theresponsiblepartnershouldsendanemailtothecoordinator(anbessani@ciencias.ulisboa.pt)withthenameofthenew participant, his/her email address and its role in the project (technical,administrativeorboth).Thecoordinatoristhenresponsibleforsubscribingtheparticipant to the required mailing lists (disiem-technical or disiem-administrative,seeD8.1),andcreatinganaccountfortheparticipantonthefilerepositoryoftheproject(gitserver).AnewprojectparticipantneedsalsotoreadthisdocumentandtheANNEX1oftheGrantAgreement(atleastthePartB)tobefullyinformedabouttheactivitiesandobjectivesoftheproject.

2.2 VisualidentityofDiSIEMWeestablishedthevisualidentityoftheproject,includingtheprojectlogo(withvariants) and templates for presentations and deliverables (used in thisdocument).Figure1presentstheprojectlogowithinthecolourandbackgroundsthatarerecommendedforkeepingaconsistentvisualidentityforDiSIEM.All activities of the projectmust comply with logo and colours defined in theprojectvisualidentity.Moredetailsandlogovariantsareavailableontheprojectrepositoryforthepartnerstoinspect.

D9.1

9

Figure1DiSIEMlogoandvisualidentity.

2.3 ProjectPolicies

2.3.1 MeetingsFor physical meetings, the hosting partner of a meeting pays for conferencefacilities, catering and other organization costs, while each partner pays foraccommodation and provisions. Usually the host invites for lunch and coffeebreaksduringthemeeting.Ifpossible,thehostingpartnerinvitesthepartnerstoonecommondinner.The meeting locations have to change regularly in order to achieve a fairdistributionofcostsamongtheprojectpartners.Bytheendofeachmeeting,thepartnerswilldefinewhereandwhenwillbe the followingmeeting (weexpectthreeorfourmeetingsperyear).To keep costs down,we prefer tomeet at partners facilities that can often beused for free. If that is not possible, the hosting partner can arrange/ask foroffers for conference rooms in a hotel. Then the partners pay separately theirconferencefees(roomfeeincludingcoffeeandlunchbreaks).In the following there is a checklist for hosting partners to verify if theirmeetingfacilitiesareadequate.

LOGÓTIPO SÍMBOLO

IDENTIDADE

D9.1

10

MeetingRoom(s):

1. Onthefirstdaywewouldneedonebigroomforapprox.20-30people(ifeverypartnershowsupwith2-3persons;aparticipantlistwillbecreatedandmadeavailableontheprojectrepositoryinadvance).

2. For the second day parallel sessions might be suitable. To plan suchsessions,twoorthreerooms(forapprox.10-15personseach)wouldberequired(themeetingagendawillbemadeavailableinadvancedefininghowmanybreak-outsessionswillbenecessaryinthemeeting.)

3. Somemeetingsmight requiremore than twodays, in this case facilitiesneedtobepreparedforthethirdday,inaccordancewiththeconsortiumrequirements.

4. Are there any costs for the conference room/day/person (coffee-break,lunch)?Arethereanyotherexpenses?

Infrastructure/Equipment:

1. WirelessInternetconnection;2. Projectorineachroom;3. Powerplugsforallparticipants;4. Flipchartsandpens.

2.3.2 DeliverablesThe project deliverables must be made available on the corresponding workpackagedirectoryintheprojectrepositoryinaccordancewiththefollowingfilenametemplate:

Dx.y-<leadpartner>-<levelofdissemination>-<duemonth>.pdfThe leadpartnermustbe theshortnameof thepartner institution; the levelofdisseminationiseitherPU(public)orCO(Confidential);andduemonthisintheformatMn, beingn themonthof thedeliverable. For example, this deliverablewillbestoredintherepositoryinthefollowinglocation:

02-Work-Packages/WP9/Deliverables/D9.1-FFCUL-PU-M3.pdfNoticethattheprojectcontainsmainlytwotypesofdeliverables:

• Report:Adocumentdescribingtheachievementsoftheproject;

• Demonstrator:Ademonstratorusually isasoftwarepackagethatmustbe accompanied by a small written report outlining the structure,purpose, documentation, and the results of the demonstrator (ifapplicable). Ideally, the software package must also be put in therepository or, alternatively, the reportmust indicate how to obtain thedemonstratorifitisopensource(e.g.,githubaddress).

D9.1

11

2.3.3 PublishingScientificPapersFor general dissemination activities, the partners need to communicate theconsortiumaboutthedisseminationatleastoneweekbeforeitismadepublic.In the particular case of conferences and journals, the partners shoulddisseminate a draft of the paper before submission. In the worst case, anacceptedpapermustbedisseminated to the consortiummembers at least oneweekbeforethecamera-readyversionissubmitted.Theaforementioned communicationmustbedone through theprojectmailinglist (disiem-technical) and the draft of the paper/presentation/article must bemadeavailableontherelevantWPdirectoryontheprojectrepository.Anyobjectiontotheplannedpublicationshallbemadeinaccordancewiththe GA in writing to the coordinator and to any party concerned withinsevendaysafterreceiptofthenotice.Ifnoobjectionismadewithinthetimelimitstated,thepublicationispermitted.Thebeneficiariesmayagreeinwritingondifferenttimelimitstothosesetabove,whichmayincludeadeadlinefordeterminingtheappropriatestepstobetaken.Furthermore, the paper or article, or the link to it will be published on theDiSIEMprojectwebsite.Additionally,wewanttomakeeveryDiSIEMpublicationavailableasopenaccessintheZenodorepository(seeD8.1).The authors are obliged to add the pdf of the publication to the projectrepository (in the 01-Official-Documents/Published-Papers directory) inaccordancewiththefile-namingtemplate

<LeadPARTNER>-<LeadWP>-<venue/journal>-<keyword>.pdfand informtheprojectcoordinatorabout thepublication.TheCommissionandotherinterestedpartieswillthenbeinformedaboutthescientificpublicationviathewebsiteandalsoviaTwitter.AllpublicationsoranyotherdisseminationrelatingthatwasgeneratedwiththefinancialsupportfromtheDiSIEMprojectmustincludethefollowingstatement:"ThisworkissupportedbytheEuropeanCommissionthroughtheH2020programmeundergrantagreement700692(DiSIEM).”Authorship.Apersonshouldbeauthorandthepersonmayvetoapublicationif

• thepersonhascontributedsignificantportionsofthetext,and/or• thepersonhascontributedatleastonesignificantidea,and/or• thepaperdescribes an implementation that hasbeenperformedby the

person. Allothercontributors/influencersshouldbementionedbroadlyintheacknowledgements.

D9.1

12

2.3.4 PublishingOpen-SourceSoftwareTheprocessforpublishingcodeinopen-sourcerepositoryshouldbeexactlythesame as for papers and articles. The publishing partner(s) must inform theconsortiumbefore the publication to ensure anypossible IPR issue is clarifiedbeforepublication.Ifnoobjectionisraisedwithinsevendaysofthenotification,thepublicationisconsideredapprovedbytheconsortium.

D9.1

13

3 QualityAssuranceQuality assurance is related with the tools and mechanisms we haveimplementedinDiSIEMformonitoringtheprogressoftheproject.Thisincludesthe Interim Management Reports, the assignment of responsibilities, and thetelcosandface-to-facemeetings.

3.1 InterimManagementReports(IMR)TheInterimManagementReportisaninternalreportfilledeverysixmonthsbyeachpartner. This is an important tool to understand the resources spent andtheachievementsduringtheperiod.This report is supposed to be short and concise, and the information ofintermediate IMRs of each partner will be consolidated in the project reportsdeliveredtotheEC.The report will be divided in three parts. The first part, “Technical Progress”,containsatableforeachworkpackagethepartnerisinvolvedduringtheperiod.Thistablecontainsspaceforfillingtheprogressforeachofthetasksoftheworkpackageandsomespacefordescribingtheplannedworkforthenextsixmonths.Table1showsanexamplefortheWP2onthefirstIMR(M1-6).NoticethatT2.3is not supposed to be filled, as this task was not executed during the periodunderreport.

Table1Exampleworkpackage(WP2)progressreportintheIMRM1-6.

WP2–RequirementsandArchitectureforSIEMIntegration(M1-12)T2.1–In-depthanalysisofSIEMTechnology(M1-6)[WorkdoneinT2.1]T2.2–Referencearchitecture(M4-9)[WorkdoneinT2.2]T2.3–Integrationworkplan(M7-12)PlannedworkforthenextsixmonthsinWP2[Shortdescriptionoftheplannedworkforthenextsixmonths]Thesecondpartofthereportallowsapartnertodescribeitsmainachievementsrelatedwiththeprojectintheperiod.Besidesthat,thissectionalsopresentstheopportunityforthepartnerstoreportanydeviationsoftheplannedwork.ThisisshowinTable2.

D9.1

14

Table2AchievementsanddeviationstableontheIMR.

AchievementsandDeviationsMainachievementsintheperiod(please,relateeachwithaWP)[papers,prototypesandotherachievementsoftheperiod]Deviations(please,relateeachwithaWP)[deviationsintermsoftheplannedwork]In the lastpartof theprogressreport, thepartnermustreport theeffortspentduringtheperiod.Table3showsthetabledefinedforthispurpose.

Table3IMReffortmapfortheperiod(inthisexample,forM1-M6).

WorkPackage

PlannedEffort

M1-M6

M7-M12

M13-M18

M19-M24

M25-M30

M31-M36

WP1 0 WP2 [PMs] [PMs] WP3 [PMs] [PMs] WP4 [PMs] [PMs] WP5 [PMs] [PMs] WP6 [PMs] [PMs] WP7 [PMs] WP8 [PMs] [PMs] WP9 [PMs] [PMs] Total [PMs] [PMs] Thetablewillcontainonecolumnwiththeplannedeffortforthewholeprojectforthepartnerfollowedbysixcolumns,oneforeachperiodinwhichthepartnershould add the PMs spent on each WP for the corresponding period. ThisstructureallowspartnerstoassesstheeffortplannedfortheWPandtheamountofeffortalreadyspentthere,allowingtheadequateplanningforfutureperiods.

3.2 ResponsibilitiesandInternalReviewHavingacleardefinitionoftheresponsibilitiesdefinitionisa fundamentalstepforachievingthegoalsoftheDiSIEMproject.Foreachprojectdeliverablethereisalreadyoneresponsiblepartner,asdefinedintheGrantAgreement(PartAofAnnex1).Thereforeitisexpectedthattheresponsiblepartnerorganisetheworkin the deliverable in a timelymanner for producing high quality deliverables.Once thedeliverable is complete,an internal reviewprocesswillbecarriedonbefore the delivery of the report to the EC. The process is fully described inSection 4.1, but the important point here is that the reviewers for eachdeliverable will be defined and documented at least two months before theinternalreviewprocessforadeliverablestarts.

D9.1

15

Thenameofthereviewersdefinedforeachdeliverableandtheirdeadlineswillbedefinedinthefollowinglocationoftherepository:

01-Official-Documents/Deliverables-Planning.xlsx

3.3 Tele-ConferenceandMeetingsEstablishingaclearplanforcommunicationsincethebeginningisoneofthekeyfactors toensurepartnerswill stayengaged in theprojectand informedaboutotherpartnersprogressandachievements.CommunicationinDiSIEMisdoneinthree ways: tele-conferences (telcos), face-to-face meetings and spontaneouscommunication between partners. The last type of communication is notregulated and/or defined by the project coordination. Partners are free tocollaborateandcontactwitheachotherbyexploitingthecontactlistonprojectrepository.For the former two thereare somespecific aspects thatneed tobedefined.Intermsoftelcos,theDiSIEMconsortiumestablishedaregularmonthlytelcofortheproject,inwhichtheexecutiveboarddiscusstheprogressoftheprojectandtheactivitiesfortheupcomingmonths.Besidesthat,itisadvisablethatpartnersresponsible for deliverables involvingmore than twopartners, schedule telcosfor discussing the responsibilities and progress of the deliverable. There aremany options about how these meetings can be done, and we discuss therecommendedcommunicationinfrastructureinD8.1.Face-to-facemeetingsarefundamentaltoensurepartnersknoweachotherandparticipatein livelydiscussionsabouttheinnovationsproposedinDiSIEM.Thekick-offmeetingoftheprojecttookplaceinLisboninSeptember8-9thwiththeparticipation of almost 30 persons. During this meeting we defined theprocedures to be followed for the remaining of the project. In particular, wedefinedthattherewillbeatleastthreeprojectmeetingsperyear,beingthenextin February 2017 inMadrid (organized by Atos). The thirdmeeting of the 1styearisexpectedtohappeninMay-June2017.Besides these meetings, there will be a review preparation meeting one daybefore each of the two project reviews. In addition, we expect to have twoadvisoryboardmeetingsandtheparticipationoftheadvisoryboardmembersinatleastoneworkshoporganizedbytheproject.

D9.1

16

4 QualityControlQualitycontrolismostlyconcernedwiththeassuranceofthefeedbackobtainedduringtheprojectistakenintoaccountandanydeviationsoftheplannedworkis accounted adequately. Therefore,we defined an internal review process fordeliverables,anadvisoryboardandariskmanagementprocessforDiSIEM.

4.1 InternalReviewProcessofDeliverablesForofficialprojectdeliverables,therewillbeaspecificprocessofreviewbeforethe submission to EC. This guarantees that the qualitative targets are reachedwith regards the technical content, the objectives of the project and adhere toformalrequirementsestablishedintheGrantandConsortiumAgreements.Thereviewprocessshouldbedoneusingthefollowing:

• 21 days before delivery deadline: internal delivery of a preliminaryversionordraft;

• 14 days before delivery deadline: delivery of an internal reviewperformed by two representatives of different partners not directlyinvolved in the deliverable. These reviews will be done by filling aspeciallycreatedreviewform(seeTable4);

• 10daysbeforethedeliverydeadline:afinalversionofthedeliveryismadeavailablefortheconsortium;

• 3daysbefore thedeliverydeadline: theprojectmanagementandWPleaderformallyapprovesthedeliverable;

• Delivery deadline: the Project Coordinator delivers the final version(withpossibleminorcorrectionsmadebytheeditor)totheEC.

AfterthesubmissionofthedeliverabletotheEC,itwillbemadeavailableontheprojectwebpage(forpublicdeliverables).

D9.1

17

Table4InternaldeliverablereviewformofDiSIEM.1

DiSIEMInternalReviewFormforDX.YReviewerName: Dateofthereview:1)Isthedeliverableinaccordancewiththe

a.descriptionofAction?

YesNo

[Comments]

MajorMinor

b.stateoftheart?

YesNo

[Comments]

MajorMinor

2)Isthequalityofthedeliverablesuchthat

a.itcanbesenttotheEC?

YesNo

[Comments]

MajorMinor

b.itneedsfurtherediting?

YesNo

[Comments]

MajorMinor

c.thecontentsneedtobeimproved?

YesNo

[Comments]

MajorMinor

3)Doesthedeliverableincludea.ameaningfulandclearstructure?

YesNo

[Comments]

MajorMinor

b.anexcellentexecutivesummary?

YesNo

[Comments]

MajorMinor

c.anappropriateintroduction?

YesNo

[Comments]

MajorMinor

d.ameaningfulsummaryandconclusion?

YesNo

[Comments]

MajorMinor

Filling instructions: foreachquestionansweryesorno(putanX close to it),writeyouroverallcommentsandtheninformifthecommentsrefertoamajororminorissuetobecorrectedbeforedelivery.Thecommentsandmajor/minorcanbeleftblankiftheansweris“Yes”.

4.2 AdvisoryBoardTheDiSIEM advisory board (AB) consists of fivewell-known specialists in thefieldnotdirectlyinvolvedintheprojectaspartnerssupportsandadvisesprojectpartnerswith experience and know-how throughout the project duration. TheAB’s valuable feedback to the technical process of the project brings manybenefitsfortheproject,asdiscussedinthefollowingparagraph.InordertoachieveastrongcooperationwiththeABmembers,weplantohavetwoface-to-facemeetings,aswellassomeconferencecallsandfeedbackrounds.The advisory board travel costs will be covered by the DiSIEM coordinator(FFCUL),whichtookthesecostsintoaccountinitsbudgetplanning.TheABwilladviseonstrategicdirectionsoftheprojectintermsofdetailedtechnicalgoals,1InspiredonthereviewtemplateoftheSUPERCLODH2020project,asdescribedinSUPERCLOUDD2.1.

D9.1

18

impact and exploitation of results, comment on economical feasibility andachievedormissedtargetsandinfluenceDiSIEMlong-termtargetsset.AsinM3,wealreadyfinishedtheformationofouradvisoryboard,whichcountswiththefollowingmembers:

• SérgioSá(HORIZON2);• Dr.MarcDacier3(QCRICyberSecurityGroup);• PiotrKijewski(TheShadowserverproject4);• AlexanderDulaunoy(CIRCL5);• Dra.JaneReichel6(UppsalaUniversity,FacultyofLaw).

Thisheterogeneousgroupofresearchersandsecurityspecialistsiscomposedbyone SIEM services vendor (Sérgio), one senior researcher on security andintrusion detection with large experience in both academic and industrialresearchlabs(Marc),twoseasonedSIEMusersandsecuritymonitoringexperts(Piotr and Alexander) and one specialist in data protection and EU privacyregulation(Jane,whowillserveasourethicsadvisor).

4.3 RiskManagementAlastbutfundamentalaspectofqualitycontrolishowriskmanagementwillbedoneduringtheproject.Thecoordination(togetherwiththeexecutiveboardoftheproject)willidentify,andreacttoanypossiblerisktoanyofthedeliverables,milestones, and, ultimately, to the objectives of the project. The assessment oftheriskswillbedonebasedontheinputsreceivedduringthemonthlytelcos,thequarterlyface-to-facemeetings,andintermediatereportsdeliveredbypartnerseverysixmonths.Each identifiedriskwillbegivenapriority(low,medium,orhigh)basedontheimpactitmighthaveontheprojectoutcome.An initial list of themain risks to theprojectwas identifiedduring theprojectproposalpreparationandisdescribedintheDiSIEMGrantAgreement.Thislistwillbeenrichedduringtheproject,andacompleteriskassessmentplanwitharevisedlistofprojectrisksandcountermeasureswillbeprovidedonD9.2,tobedeliveredonM12ofDiSIEM.

2http://horizon.pt/3http://qcri.org.qa/page?name=Marc_Dacier&a=117&pid=2004https://www.shadowserver.org/5https://www.circl.lu6http://www.jur.uu.se/personalinfo.aspx?UserId=1902

D9.1

19

5 SummaryandConclusionsThisdeliverablepresented theprojectqualityplan for theDiSIEMproject.Ourplan is devised around threemain types of activities: quality planning, qualityassessment,andqualitycontrol.Theplanningdefinesallprocessesforincludingnew personnel on the project, organizing meeting, publishing papers, andpreparingdeliverables.Thequalityassessmentdefinesmeansformonitoringtheperformanceoftheproject,whichincludestheInterimManagementReportandmeetingsandtelcospolicies.Finally,thequalitycontroldefinesmeanstoensuredeliverables and internally reviewed and feedback from advisory board isproperlyconsideredintheproject.