SIRTFI defines how federated organisations should coordinate during security incidents, yet asserting compliance does not automatically build operational trust. In 2025, InCommon conducted a multi-day, story-driven cybersecurity cooperation exercise involving distributed Identity Providers and Service Providers. The exercise revealed gaps between IAM and security teams, inconsistent handling of TLP markings, and challenges in cross-institution communication. This session shares lessons learned and demonstrates how structured tabletop exercises can operationalise federated trust, strengthen coordination across eduGAIN participants, and move communities beyond checkbox compliance toward a culture of shared responsibility and practical cooperation.
- Tags
-