Tilburg University CERT

Computer Emergency Response Team

Operational framework and RFC2350

Below you find the Operational framework and RFC-2350 document for Tilburg University CERT. This document describes the community's expectations of computer security incident response teams (CSIRTs).

Operational framework

The Operational Framework is a brief description of activities and services of Tilburg University CERT.
  • Download
  • , not available yet

    RFC-2350 Tilburg University CERT

    RFC2350 is an international standard for Computer Security Incident Response Teams.
  • Download
  • , not available yet Following profile of Tilburg University CERT has been established in adherence to RFC-2350.

    1. Document Information

    1.1. Date of Last Update

    This is version of June 20th 2018.

    1.2. Distribution List for Notifications

    The current version of this profile is always available on: https://www.cert.uvt.nl/general/framework
    Any specific questions or remarks please address to the Tilburg University CERT mailaddress.

    1.3. Locations where this Document May Be Found

    The current version of this profile is always available on: https://www.cert.uvt.nl.

    2. Contact Information

    2.1. Name of the Team

    Tilburg University CERT, the CSIRT or CERT team for the Tilburg University (UvT), The Netherlands.

    2.2. Address

    Tilburg University CERT Room G217 P.O. Box 90153 NL - 5000 LE Tilburg

    2.3. Time Zone

    UTC+1 (UTC+2 during DST , according to EC rules)

    2.4. Telephone Number

    +31 13 466 3095

    2.5. Facsimile Number

    +31 13 466 3189 (mention "Attention to Tilburg University CERT")

    2.6. Other Telecommunication

    Not available.

    2.7. Electronic Mail Address

    cert@uvt.nl

    2.8. Public Keys and Encryption Information

    Only PGP is currently supported for secure communication.
    Current key (UvT-CERT.2016-key) 68D20C5A
    Key fingerprint = 1AEE 755F 94A9 2C83 5514 C687 0230 C0FC 68D2 0C5A
    The PGP Public key of Tilburg University CERT can be found here.

    2.9. Team Members

    Tilburg University CERT team members are assigned from the ranks of Tilburg University ICT professionals. Further details to be found at https://www.cert.uvt.nl/.

    2.10. Other Information

    Tilburg University CERT was established in 2004 For other information see https://www.cert.uvt.nl/.

    2.11. Points of Customer Contact

    Regular method of contact: use Tilburg University CERT mailaddress.

    Regular response hours (local time, save public holidays in The Netherlands): Monday - Friday: 09:00 - 22:00 Saturday - Sunday: 12:00 - 22:00
    Emergencies:
    Use the Tilburg University CERT phone number (+31 13 466 3095) to make a call. This number is available 24x7x365. Also send an email to cert@uvt.nl including the word EMERGENCY in the subject line.

    3. Charter

    3.1. Mission Statement

    Tilburg University CERT’s mission is to coordinate the resolution of ICT security incidents related to Tilburg University, and to help prevent such incidents from occurring. All IT security incidents (including abuse) related to Tilburg University can be reported to Tilburg University CERT.

    3.2. Constituency

    Tilburg University including all its associated organizations and employees.

    3.3. Sponsorship and/or Affiliation

    Tilburg University CERT is part of Tilburg University operations.

    3.4. Authority

    Tilburg University CERT coordinates security incidents on behalf of Tilburg University. Its chair is the Security Officer of Tilburg University, who has delegated authority to suspend users and block traffic from or to IP addresses.

    4. Policies

    4.1. Types of Incidents and Level of Support

    All incidents are considered normal priority unless they are labeled EMERGENCY. Tilburg University CERT itself is the authority that can set and reset the EMERGENCY label. An incident can be reported to Tilburg University CERT as EMERGENCY, but it is up to Tilburg University CERT to decide whether or not to uphold that status.

    4.2. Co-operation, Interaction and Disclosure of Information

    ALL incoming information is handled discretely by Tilburg University CERT, regardless of its priority. Information that is evidently very sensitive in nature is only communicated in an encrypted fashion. When reporting an incident of very sensitive nature, please state so explicitly (e.g. by using the label VERY SENSITIVE in the subject field of e-mail) and use encryption as well. Tilburg University CERT will use the information you provide to help solve security incidents, as all CSIRTs do or should do. This means explicitly that the information will be distributed further only on a need-to-know base, and anonymously if possible. If you expect more confidentiality, please explicitly state what you want Tilburg University CERT to do with the information provided. Tilburg University CERT will try to adhere with your suggestion. Tilburg University CERT is subject to Dutch law. Requests or orders by law enforcement will be channelled via the legal department of Tilburg University. Tilburg University CERT will itself report crime to law enforcement if required by Dutch law or if such reporting is expected to trigger a response from them.

    4.3. Communication and Authentication

    See 2.8 above. Usage of PGP in all cases where sensitive information is involved is highly recommended.

    5. Services

    5.1. Incident Response

      5.1.1. Incident Triage

      5.1.2. Incident Coordination

      5.1.3. Incident Resolution
      Tilburg University CERT is responsible for the the coordination of security incidents somehow involving Tilburg University. Tilburg University CERT therefore handles both the triage and coordination aspects. Incident resolution is left to the responsible administrators within Tilburg University and externally.

    5.2. Proactive Activities

    Tilburg University CERT pro-actively advises its constituency with regards to recent vulnerabilities and trends in hacking/cracking.

    Tilburg University CERT advises Tilburg University on matters of computer and network security. It can do so pro- actively in urgent cases, or on request. Both roles are roles of consultancy – Tilburg University CERT is not responsible for implementation.

    6. Incident Reporting Forms

    Not available..

    7. Disclaimers

    Not available