Operational framework and RFC2350
Below you find the Operational framework and RFC-2350 document for Tilburg University CERT. This document describes the community's expectations of computer security incident response teams (CSIRTs).Operational framework
The Operational Framework is a brief description of activities and services of Tilburg University CERT.RFC-2350 Tilburg University CERT
RFC2350 is an international standard for Computer Security Incident Response Teams.1. Document Information
1.1. Date of Last Update
This is version of June 20th 2018.1.2. Distribution List for Notifications
The current version of this profile is always available on: https://www.cert.uvt.nl/general/frameworkAny specific questions or remarks please address to the Tilburg University CERT mailaddress.
1.3. Locations where this Document May Be Found
The current version of this profile is always available on: https://www.cert.uvt.nl.2. Contact Information
2.1. Name of the Team
Tilburg University CERT, the CSIRT or CERT team for the Tilburg University (UvT), The Netherlands.2.2. Address
Tilburg University CERT
Room G217
P.O. Box 90153
NL - 5000 LE Tilburg
2.3. Time Zone
UTC+1 (UTC+2 during DST , according to EC rules)2.4. Telephone Number
+31 13 466 30952.5. Facsimile Number
+31 13 466 3189 (mention "Attention to Tilburg University CERT")2.6. Other Telecommunication
Not available.2.7. Electronic Mail Address
cert@uvt.nl2.8. Public Keys and Encryption Information
Only PGP is currently supported for secure communication.
Current key (UvT-CERT.2016-key) 68D20C5A
Key fingerprint = 1AEE 755F 94A9 2C83 5514 C687 0230 C0FC 68D2 0C5A
The PGP Public key of Tilburg University CERT can be found here.
Key fingerprint = 1AEE 755F 94A9 2C83 5514 C687 0230 C0FC 68D2 0C5A
2.9. Team Members
Tilburg University CERT team members are assigned from the ranks of Tilburg University ICT professionals.
Further details to be found at https://www.cert.uvt.nl/.
2.10. Other Information
Tilburg University CERT was established in 2004 For other information see https://www.cert.uvt.nl/.2.11. Points of Customer Contact
Regular method of contact: use Tilburg University CERT mailaddress.
Regular response hours (local time, save public holidays in The Netherlands):
Monday - Friday: 09:00 - 22:00
Saturday - Sunday: 12:00 - 22:00
Emergencies:
Use the Tilburg University CERT phone number (+31 13 466 3095) to make a call. This number is available 24x7x365. Also send an email to cert@uvt.nl including the word EMERGENCY in the subject line.
Use the Tilburg University CERT phone number (+31 13 466 3095) to make a call. This number is available 24x7x365. Also send an email to cert@uvt.nl including the word EMERGENCY in the subject line.
3. Charter
3.1. Mission Statement
Tilburg University CERT’s mission is to coordinate the resolution of ICT security incidents related to Tilburg University, and to help prevent such incidents from occurring. All IT security incidents (including abuse) related to Tilburg University can be reported to Tilburg University CERT.3.2. Constituency
Tilburg University including all its associated organizations and employees.3.3. Sponsorship and/or Affiliation
Tilburg University CERT is part of Tilburg University operations.3.4. Authority
Tilburg University CERT coordinates security incidents on behalf of Tilburg University. Its chair is the Security Officer of Tilburg University, who has delegated authority to suspend users and block traffic from or to IP addresses.4. Policies
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled EMERGENCY. Tilburg University CERT itself is the authority that can set and reset the EMERGENCY label. An incident can be reported to Tilburg University CERT as EMERGENCY, but it is up to Tilburg University CERT to decide whether or not to uphold that status.4.2. Co-operation, Interaction and Disclosure of Information
ALL incoming information is handled discretely by Tilburg University CERT, regardless of its priority. Information that is evidently very sensitive in nature is only communicated in an encrypted fashion. When reporting an incident of very sensitive nature, please state so explicitly (e.g. by using the label VERY SENSITIVE in the subject field of e-mail) and use encryption as well. Tilburg University CERT will use the information you provide to help solve security incidents, as all CSIRTs do or should do. This means explicitly that the information will be distributed further only on a need-to-know base, and anonymously if possible. If you expect more confidentiality, please explicitly state what you want Tilburg University CERT to do with the information provided. Tilburg University CERT will try to adhere with your suggestion. Tilburg University CERT is subject to Dutch law. Requests or orders by law enforcement will be channelled via the legal department of Tilburg University. Tilburg University CERT will itself report crime to law enforcement if required by Dutch law or if such reporting is expected to trigger a response from them.4.3. Communication and Authentication
See 2.8 above. Usage of PGP in all cases where sensitive information is involved is highly recommended.5. Services
5.1. Incident Response
-
5.1.1. Incident Triage
5.1.2. Incident Coordination
5.1.3. Incident Resolution
Tilburg University CERT is responsible for the the coordination of security incidents somehow involving Tilburg University. Tilburg University CERT therefore handles both the triage and coordination aspects. Incident resolution is left to the responsible administrators within Tilburg University and externally.
5.2. Proactive Activities
Tilburg University CERT pro-actively advises its constituency with regards to recent vulnerabilities and trends in hacking/cracking.Tilburg University CERT advises Tilburg University on matters of computer and network security. It can do so pro- actively in urgent cases, or on request. Both roles are roles of consultancy – Tilburg University CERT is not responsible for implementation.
