File contents

RFC 2350 (BCP 21) 
Description of University of Cambridge Computer Security Incident Response Team (CSIRT) 

1: Introduction

This is the RFC 2350 for the University of Cambridge Computer Security Incident Response Team (CSIRT).

2: Scope

<section intentionally blank>

3: Information, Policies and Procedures

3.1: Obtaining the Document

Date of last update: 
2019-04-09 

Locations where this Document May Be Found:	
https://help.uis.cam.ac.uk/service/user-accounts-security/security/csirt/CSIRT-RFC2350

3.2: Contact Information 

Full Name: 
University of Cambridge Computer Security Incident Response (UIS) Team 
Short Name: 
CSIRT 

Mailing address:
CSIRT
University Information Services
Roger Needham Building 
Cambridge 
United Kingdom
CB3 0RH

Timezone: 
GMT/UTC (GMT/UTC+0100 in Summer Time)
	
Telephone Number:
+44 1223 767077 (CSIRT) (Primary Contact) 
+44 1223 762999 (UIS Service Desk) (Secondary Contact)

Electronic Mail Address: 
csirt [AT] uis . cam . ac . uk 

Public keys and encryption:

Emails or files sent to CSIRT can be encrypted, but it is not required. PGP public key as follows:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQGNBFy0V8EBDADLXmS1lvvIbUrAWMBsdzsMmSV1g4tlMjlsqKGZ+KhtNz3j+pe2
H487kf4JSHia2dcQP82ZbHsXKH/1Bs4WK57R1S2fK/BDZ1I7UaSocTnN4rfHBFH2
pG+JCBf72imAeMTKl57MO54Xx2UTwC2Qoydc/G+VvXYRqMeJGB7pHTt6ojKBODpY
B9xZWLHPlGHnlYL36mXohhykgsmX/XCVVRZO1+NaThLGBNutiipENiIBUj675QDV
u92R9Ci49vPT+y8vzoe5kzKIKU6KHL7dxuu++nMV1CYX+vV6Uo/HmZ0sHb9jx1b4
RGIkpNox0rQ1xDumIt/+0aM7rciTNhw9vN1MbBxUoohnGOHQpN5DTX77KMoapvRA
z4uw2ueg7NH6FJI3yJafH+WCGEaYU5DEBemWXZQIfFPnCSH/eAJVs3Ve4vOwwP+Y
31LCx5K3taLtLVaPGGuu/cq7jz+U+rOPD3/JvhYbRkNOHAEqvsSw1v9AnnRlP7ST
LW6hwFkYCg6xtG0AEQEAAbQbQ1NJUlQgPENTSVJUQHVpcy5jYW0uYWMudWs+iQHU
BBMBCgA+FiEEpC3RJAbSmIUf8sfwhDswVNbsUvIFAly0V8ECGwMFCQPCZwAFCwkI
BwIGFQoJCAsCBBYCAwECHgECF4AACgkQhDswVNbsUvJHMQv/RKdLVI2uU+jZNogN
ekjihuhcnERXLQKuAVRCVG+xzNPQiXa2Y4fisWJiIOQdlD0hT/dIEeyUSw/O+Gwo
CEUldHboTD0tcfdcQqeqbexw7YSzdagcp5L0JIA7iUM9PzkZqG1wcQ83Mnl3DCB0
A6USgXjYh692cvuaHH0xlzHSUo5N3KmbmUbx5gEJF6C/KKz5SwSTK7JiQP24hbBP
cZW8TeBCFeg7GmyRYaWSSGyVkNii2nU7c8VMGNQ8+K/wvBEOW8eQ9rEwVmC+7Vww
wMMSoqw622BYwky9jv9Su2+MciXYInIjjjldTl87cotyAEGek5mwbn46MvRyst94
lSHnWCG4yg041fynhINdZPyfogWTt2Mo1d+C20sm3oKqdVVHWaBR0tdwOeFisbc6
OyW1fd+5kvPs5g7MGJmlnxLbHqsN4SN4buuD+ALjN6kfv+ncPP3LM/4y1XIcZWEe
y69jKojK8LN//sGL/hLD6M1jiZN9kVwxVeN+GTTo5Ck82JwFuQGNBFy0V8EBDADb
s/OT2xsL7bWqljxWd6UfStxQ+vFM8p/yNKtMKihcqPx3Ca2vghRdq/W3efQVlkdq
W/syJF0QPQscCOEYVFAAnGVyUALtmzymttF8+oDvs3vdW09LDqAX3j+y/Eq2H/hL
JV8RuSXsPxnSHPZGAMUQYUWP+0/qpxHNL3JomXXl5yaDkPSSTxEERsFOI+SziVHd
rc1zJoPqjC7j8A7Xvj72b93em8QROXqwJBtBG716jOL/RnTEZjoFYLN7Q0jJSd4+
HzF/2/68Ytia6KaMQx8bMjXoJT2/Ro+tAOGSnEPbiqL+k3v+M35/qElzmI8yDFBd
21EF35ODeHlkcKBhmCAvq4eoZRj8BEhFh6lrkfb0j5KV18EB+2dgRdBsi6xbWdkX
TQO95oT+sccsK3JOeg5l3Tp0lrvq4qM/E50VZGStv5SiJieicdFZYk3CFoTABmis
x2/1cLPKu2t3S1xxwVjjxWZ90DiA84gh0QgQBltALNUbFtp+PmkEeiVvJqXE6D0A
EQEAAYkBvAQYAQoAJhYhBKQt0SQG0piFH/LH8IQ7MFTW7FLyBQJctFfBAhsMBQkD
wmcAAAoJEIQ7MFTW7FLyKO0MAMmUcJEAgd2nA9LJqQDWkzVVrDmgF489OkVJsD3R
NM86wc9BNCfcSBWHWL3qvEHWefsELInNRijp4UosZRPfu7xSn3WdlQW1kUG2UbwY
CqR2ovA+dpfDpioXTy9JLncxk7wrtqcCP+P0cPds7NVECaGQdFRrueCFCa3/1XpX
XLEl4rpMXRWxkuBohSb5PNXEUx9fD2nqy87txtHsyQlGPnrCyWLzcvgWr9kKVRBv
VdKzShsDI5pvAYq+PTKqdhSaBkfrXosCRPP2VxyCiwvOo5N+NBXcBMm54DbBaFau
EUWnMnc4yvvjSgOacnRO0a4uEbC9OvWKVSc0xHqDti/3kkliZdtCjmQ4sIx9lSWd
x7bGbQVctsbvUiJimhO3umFs5aJ2Dbv/W0sWlcXKUVHb1tUPPo8hjEIAvFUQ0XAG
xZOwOtA6/6O3WAEjxai/OWHiraECkU8/OQ9gd6iyA2LEw03mU/rwGy19uBe9UIoE
sju3Uuu6bLTEFzUYoxb5mmpyjw==
=iZEP
-----END PGP PUBLIC KEY BLOCK-----


Operating Hours: 
Emails are monitored Monday to Friday, 9.00 to 17.00

3.3: Charter

3.3.1: Mission Statement

The main areas of responsibility of CSIRT are: 
Dealing with Information Security incidents that are within the CUDN (Cambridge University Data Network).
Serving as a single point of contact for national and foreign CERTs/CSIRTs. 
Co-ordinating the response in case of incident escalation. 

3.3.2: Constituency

IT infrastructure and services located on the Cambridge University data Network (CUDN).

3.3.3: Sponsoring Organization / Affiliation

CSIRT is a service within the University of Cambridge Information Services department. We are endorsed by the Information Services Committee of the University of Cambridge. We act as the SPOC for JISC CSIRT for matters relating to the University of Cambridge and we work with other Legal Enforcement Agencies. 

3.3.4: Authority

CSIRT has the authority to act on all incidents that cause, or could cause, detriment to the confidentiality, integrity and availability of Cambridge University IT assets. 

3.4: Policies

All incidents are considered normal priority unless they are labelled EMERGENCY.

CSIRT works closely with UK and EU institutions & law enforcement agencies. All relevant UK Data Protection Laws apply. In the case of criminal action, these will be reported to the appropriate authorities. 

3.5: Services

Incident Response
Incident Triage
Incident Co-ordination

3.6: Incident Reporting Forms

Incident reporting forms are not used.

3.7: Disclaimers

This document is provided on an "as is" basis and does not imply any kind of guarantee of service provided by the University of Cambridge.

While every precaution will be taken in preparation & dissemination of information and security alerts, CSIRT assumes no responsibility to external (Non-University of Cambridge organisations and users) for errors, omissions, or for damages resulting from the use of the information provided within this document or our security communications.