File contents

RFC 2350 (BCP 21) 
Description of University of Cambridge Computer Security Incident Response Team (CSIRT) 

1: Introduction

This is the RFC 2350 for the University of Cambridge Computer Security Incident Response Team (CSIRT).

2: Scope

<section intentionally blank>

3: Information, Policies and Procedures

3.1: Obtaining the Document

Date of last update: 
2019-04-09 

Locations where this Document May Be Found:	
https://help.uis.cam.ac.uk/service/user-accounts-security/security/csirt/CSIRT-RFC2350

3.2: Contact Information 

Full Name: 
University of Cambridge Computer Security Incident Response (UIS) Team 
Short Name: 
CSIRT 

Mailing address:
CSIRT
University Information Services
Roger Needham Building 
Cambridge 
United Kingdom
CB3 0RH

Timezone: 
GMT/UTC (GMT/UTC+0100 in Summer Time)
	
Telephone Number:
+44 1223 767077 (CSIRT) (Primary Contact) 
+44 1223 762999 (UIS Service Desk) (Secondary Contact)

Electronic Mail Address: 
csirt [AT] uis . cam . ac . uk 

Public keys and encryption:

Emails or files sent to CSIRT can be encrypted, but it is not required. PGP public key as follows:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQMuBFup+30RCADLd6i+WxUP9MY4eiLTWUlIveZIay0yo1j31f4ixPAUzZ/7mCQf
5ndP/odghuf/wlbiuXh0vHkHbuEiNsvE0WN1isW2hqb1TcUHj1ZZNPHV0iRDSFLp
g/jRnIWiaNcdR8yS3P3crt6wNO3YAo20/a3W7UG82VY6+RrM8rFjT+hTsGALyOP8
BX1+g3D8fFL8XzKGlbLmXhdNRcRzwZlrfu8NoqKQL5yoaLWLsHcoj0AlPvPnB6CU
UPwlOr7vInPWkC2GExL2S2ZoTAJd0W0uezmhVWbgNk9cFcvmqlxJr2wbWzQPzgVj
6/F1beJH00A3ulE10pKMKwBwNXuJHPNjrOEfAQDPwM6iMJ7/E2AXC9QhD4Wrdkpv
orxXBgaq2c0HoQZ3mQf8D/RZ8+mvydY3/Goj0paRPjksbOie6M3d/SYyqiolOi9U
mES9o43BX6ebcNZ+oa19op0FrJH76KI/7uToAnbirf8z6lrGjozIXDzw/LZR5+XM
Apa5f74LDyIczqkGazqzTdShQV35G1S7vGIzK7SWCNEzciYBiwZ7MQUIJfxzkYEk
7CkfwgUNzoR02XsviG/k9U1jXvMtxSzT2dvMJK38nAQYKidWJuEvPWXh7VeYrLy5
4uR81Vne5H2wjC67vRtfMoZ71QlvUvU7ZcozX8Z30wOnKeaWIblm5TK+wzalAHGA
8600pKSdTJESVJdybvad658PVvI0Jl/mJApRGRcV8gf8DBq+z2ey/ESV9VlZ5o7R
1JV6/bgtPokzcGgyBZekdz0lp3tmIlhA7HmcE0BDPhDcF1jctnnAyrwxyDuIE6tG
V4AOw3stYv/xXDOKHUoObi9S/qbjsaWm1MKfzeWzCwvfEJpgvHDrtomj4lkRzJIE
FXoBcroE0JHG6VbXaxLmRkyyrBQJTOSrugDa7KlD1RBsSVNZX4NiFnqUv3BgfEFC
DTTmHOcHGS9/QNnRYjau1Qxj9UQWh3a5S+wnmJbXJ+pTNvA3XuwvYzRXyON+kQ7I
PwcwrFz96h0IqD2B3QnpT4zRxhfOPZ/F9v7CB9yH9qyY9UXo7A/uiUljGUdWK3VN
57Q4Q2FtQ0VSVCAoQ2FtQ0VSVCBwdWJsaXNoZWQga2V5IDMgeWVhcnMpIDxjZXJ0
QGNhbS5hYy51az6IlgQTEQgAPhYhBA/sZlymtTrTMp/ezCEmTZ6Q6NL7BQJbqft9
AhsDBQkFo5qABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJECEmTZ6Q6NL7pqEA
/0d+2+jKMcxMT/jcAb6qKui3VAw0OzjxpNPsrXPXx8v6AQCxOls2+qf+GUcHsnTP
p80BfN/yXIL6WuxaMco2UbrzPrkCDQRbqft9EAgA+0Fgz3Mv4GS5ySINd1DwPPZG
vCsyiFYjqSSV+erKh+LXVBNsgDK/SayJ8KRC9f3nae78p+Q8z/udtuYudFMPc+dG
Jp3kF1JYc4dvtwF1ITE8cV2BnT2GLGSKpSU/LeUWXYJdGSOnQrrhHj7+tmn6UNse
ruMPxvU8mn8fZeZfb8T82kcR8SSlQmxyKPzngintXgYrF1N6MXSH5C/qBThZFY53
mm64g046Ll+7MfWvN6DtsKVW/n9C680TK/pTq6IELsjHgznKhdxA6HwPml72vgCg
kY+EOi/0pYSZGQ20geKThXZzClseB0zy6Jza6dSdeOhHEB7rH6VD9ULCAXlkSwAD
BQgApw7pZDwvk07xLT3Y+ENUnosHhPf6UdsamoXX3ah4FI/xiehQylfkKIkAO+Lu
wH4b/Z+ipP5tfVzWyzK10WkcbYLBMMi4+3c58qsd2ZdbuoVKcUZcAGQoNUmW5daR
G6Htws0rXGc8O3lWHcq/a2K2FLOytlNbmG/EkYdnTVCffg/Ijgi+p1KFyw3t/reH
nBI8fyr7luD8Cl6bvFfxkYgTJ3Cqo9zQBC0R9uW+YHAi3pPar0gdInvk0ZNoO6xd
q7w5qNkJsGltG9XYyea3bQpt9JLnpyrK5V6nK3uE1GA4o/IzyB3QVudX5KULoXRZ
ppdDF/2EVNDWaXZvYuT+8QEUBoh+BBgRCAAmFiEED+xmXKa1OtMyn97MISZNnpDo
0vsFAlup+30CGwwFCQWjmoAACgkQISZNnpDo0vsrVgEAjiEsXLA2uKF3MofBApWh
l0/MNmq3/0KXmeOreETG2KMBAMx65/cxBdfjLk/E2uympBSCffNBcAu0dDlEPvJk
UrJa
=1TWu
-----END PGP PUBLIC KEY BLOCK-----


Operating Hours: 
Emails are monitored Monday to Friday, 9.00 to 17.00

3.3: Charter

3.3.1: Mission Statement

The main areas of responsibility of CSIRT are: 
Dealing with Information Security incidents that are within the CUDN (Cambridge University Data Network).
Serving as a single point of contact for national and foreign CERTs/CSIRTs. 
Co-ordinating the response in case of incident escalation. 

3.3.2: Constituency

IT infrastructure and services located on the Cambridge University data Network (CUDN).

3.3.3: Sponsoring Organization / Affiliation

CSIRT is a service within the University of Cambridge Information Services department. We are endorsed by the Information Services Committee of the University of Cambridge. We act as the SPOC for JISC CSIRT for matters relating to the University of Cambridge and we work with other Legal Enforcement Agencies. 

3.3.4: Authority

CSIRT has the authority to act on all incidents that cause, or could cause, detriment to the confidentiality, integrity and availability of Cambridge University IT assets. 

3.4: Policies

All incidents are considered normal priority unless they are labelled EMERGENCY.

CSIRT works closely with UK and EU institutions & law enforcement agencies. All relevant UK Data Protection Laws apply. In the case of criminal action, these will be reported to the appropriate authorities. 

3.5: Services

Incident Response
Incident Triage
Incident Co-ordination

3.6: Incident Reporting Forms

Incident reporting forms are not used.

3.7: Disclaimers

This document is provided on an "as is" basis and does not imply any kind of guarantee of service provided by the University of Cambridge.

While every precaution will be taken in preparation & dissemination of information and security alerts, CSIRT assumes no responsibility to external (Non-University of Cambridge organisations and users) for errors, omissions, or for damages resulting from the use of the information provided within this document or our security communications.