RFC 2350 (BCP 21) Description of University of Cambridge Computer Security Incident Response Team (CSIRT) 1: Introduction This is the RFC 2350 for the University of Cambridge Computer Security Incident Response Team (CSIRT). 2: Scope
3: Information, Policies and Procedures 3.1: Obtaining the Document Date of last update: 2024-04-10 Locations where this Document May Be Found: https://help.uis.cam.ac.uk/service/security/csirt/CSIRT-RFC2350 3.2: Contact Information Full Name: University of Cambridge Computer Security Incident Response (UIS) Team Short Name: CSIRT Mailing address: CSIRT University Information Services Roger Needham Building Cambridge United Kingdom CB3 0RH Timezone: GMT/UTC (GMT/UTC+0100 in Summer Time) Telephone Number: +44 1223 767077 (CSIRT) (Primary Contact) +44 1223 762999 (UIS Service Desk) (Secondary Contact) Electronic Mail Address: csirt [AT] uis . cam . ac . uk Public keys and encryption: Emails or files sent to CSIRT can be encrypted, but it is not required. PGP public key as follows: -----BEGIN PGP PUBLIC KEY BLOCK----- mQGNBFy0V8EBDADLXmS1lvvIbUrAWMBsdzsMmSV1g4tlMjlsqKGZ+KhtNz3j+pe2 H487kf4JSHia2dcQP82ZbHsXKH/1Bs4WK57R1S2fK/BDZ1I7UaSocTnN4rfHBFH2 pG+JCBf72imAeMTKl57MO54Xx2UTwC2Qoydc/G+VvXYRqMeJGB7pHTt6ojKBODpY B9xZWLHPlGHnlYL36mXohhykgsmX/XCVVRZO1+NaThLGBNutiipENiIBUj675QDV u92R9Ci49vPT+y8vzoe5kzKIKU6KHL7dxuu++nMV1CYX+vV6Uo/HmZ0sHb9jx1b4 RGIkpNox0rQ1xDumIt/+0aM7rciTNhw9vN1MbBxUoohnGOHQpN5DTX77KMoapvRA z4uw2ueg7NH6FJI3yJafH+WCGEaYU5DEBemWXZQIfFPnCSH/eAJVs3Ve4vOwwP+Y 31LCx5K3taLtLVaPGGuu/cq7jz+U+rOPD3/JvhYbRkNOHAEqvsSw1v9AnnRlP7ST LW6hwFkYCg6xtG0AEQEAAbQbQ1NJUlQgPENTSVJUQHVpcy5jYW0uYWMudWs+iQHU BBMBCgA+FiEEpC3RJAbSmIUf8sfwhDswVNbsUvIFAly0V8ECGwMFCQPCZwAFCwkI BwIGFQoJCAsCBBYCAwECHgECF4AACgkQhDswVNbsUvJHMQv/RKdLVI2uU+jZNogN ekjihuhcnERXLQKuAVRCVG+xzNPQiXa2Y4fisWJiIOQdlD0hT/dIEeyUSw/O+Gwo CEUldHboTD0tcfdcQqeqbexw7YSzdagcp5L0JIA7iUM9PzkZqG1wcQ83Mnl3DCB0 A6USgXjYh692cvuaHH0xlzHSUo5N3KmbmUbx5gEJF6C/KKz5SwSTK7JiQP24hbBP cZW8TeBCFeg7GmyRYaWSSGyVkNii2nU7c8VMGNQ8+K/wvBEOW8eQ9rEwVmC+7Vww wMMSoqw622BYwky9jv9Su2+MciXYInIjjjldTl87cotyAEGek5mwbn46MvRyst94 lSHnWCG4yg041fynhINdZPyfogWTt2Mo1d+C20sm3oKqdVVHWaBR0tdwOeFisbc6 OyW1fd+5kvPs5g7MGJmlnxLbHqsN4SN4buuD+ALjN6kfv+ncPP3LM/4y1XIcZWEe y69jKojK8LN//sGL/hLD6M1jiZN9kVwxVeN+GTTo5Ck82JwFuQGNBFy0V8EBDADb s/OT2xsL7bWqljxWd6UfStxQ+vFM8p/yNKtMKihcqPx3Ca2vghRdq/W3efQVlkdq W/syJF0QPQscCOEYVFAAnGVyUALtmzymttF8+oDvs3vdW09LDqAX3j+y/Eq2H/hL JV8RuSXsPxnSHPZGAMUQYUWP+0/qpxHNL3JomXXl5yaDkPSSTxEERsFOI+SziVHd rc1zJoPqjC7j8A7Xvj72b93em8QROXqwJBtBG716jOL/RnTEZjoFYLN7Q0jJSd4+ HzF/2/68Ytia6KaMQx8bMjXoJT2/Ro+tAOGSnEPbiqL+k3v+M35/qElzmI8yDFBd 21EF35ODeHlkcKBhmCAvq4eoZRj8BEhFh6lrkfb0j5KV18EB+2dgRdBsi6xbWdkX TQO95oT+sccsK3JOeg5l3Tp0lrvq4qM/E50VZGStv5SiJieicdFZYk3CFoTABmis x2/1cLPKu2t3S1xxwVjjxWZ90DiA84gh0QgQBltALNUbFtp+PmkEeiVvJqXE6D0A EQEAAYkBvAQYAQoAJhYhBKQt0SQG0piFH/LH8IQ7MFTW7FLyBQJctFfBAhsMBQkD wmcAAAoJEIQ7MFTW7FLyKO0MAMmUcJEAgd2nA9LJqQDWkzVVrDmgF489OkVJsD3R NM86wc9BNCfcSBWHWL3qvEHWefsELInNRijp4UosZRPfu7xSn3WdlQW1kUG2UbwY CqR2ovA+dpfDpioXTy9JLncxk7wrtqcCP+P0cPds7NVECaGQdFRrueCFCa3/1XpX XLEl4rpMXRWxkuBohSb5PNXEUx9fD2nqy87txtHsyQlGPnrCyWLzcvgWr9kKVRBv VdKzShsDI5pvAYq+PTKqdhSaBkfrXosCRPP2VxyCiwvOo5N+NBXcBMm54DbBaFau EUWnMnc4yvvjSgOacnRO0a4uEbC9OvWKVSc0xHqDti/3kkliZdtCjmQ4sIx9lSWd x7bGbQVctsbvUiJimhO3umFs5aJ2Dbv/W0sWlcXKUVHb1tUPPo8hjEIAvFUQ0XAG xZOwOtA6/6O3WAEjxai/OWHiraECkU8/OQ9gd6iyA2LEw03mU/rwGy19uBe9UIoE sju3Uuu6bLTEFzUYoxb5mmpyj5kBjQRhLgQzAQwApQYwOMA2bP6hKq4xO9EaEWGy lNo4QLWsaMTLADF9m2izkR+nhN1Dxi0UaIwNyPfNWhBQTbHzwgqyhgrSMn/3mjnS Uxr5GYADK7tUumAXAf2/QH6C/9aXaoa/NkMtrW1rnAC4HBSW7AnGhuT7hJnXfnMb cRvRZWOy5wVv8Oy+2iJgd3dV0pdg/WaMOSeeijzA1XVouB/gUHnFTcZ9RLxq4ufz 0hZ6iTrl27M69GTlVA6KzN8gJEgWhJHVYHy10L3+KpJ5DhKXE3K5hDUEHP4nK5jJ NlQd+jZB6LPRtbimKKQiPG2879pt4gXO5r6zlJSi9VecutwH2uoZicaLs6eMG1ku cguKI+lPKU0MG3nCphKxIiNOGWpCEyMj/fed2HfMGpSvnk0tPoLJY4v8OQnBz4jw w+4/XGfPKm0sLVsSDLZWbLIGwW9zJ5iz2wuG8IO3EwHnqpDRsTDBbc4eGSHjUNT/ cHn6hJgkYkJZ8S4DzJFrLYeFFjCBVMH91/Bh6LlFABEBAAG0G0NTSVJUIDxDU0lS VEB1aXMuY2FtLmFjLnVrPokBzgQTAQoAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIe AQIXgBYhBPIqoaPcRivnvnYtdqlGhXnUtYMuBQJmFnEmAAoJEKlGhXnUtYMuM1sL /24zBaqLAEWm55n9irWv1QZapif8PbTRTfSg3NxL/QDKZwnjaLWSSsuQmaOrlMIM zHceqM8YlrL0zXarJILfbmQ2uiPJCSUFItPsLfwA8VyG53UE9fef+s+FaLkFMksY GcfPZvDp9dXTxVBDt52wToi2mEuexR3dyjoliKHLX/bXiWYxQg0fpFsJPmeNVY1o j6UyHyCrsjuLuOwcEcdX2G9nLG8Aq+7SgCA+2dUQSnc5zsoLq16sg2PagTNBFZQ0 ocETMPT/ZeUOg00gBRau3MMGLak4opq8C4yxTenW87gEhEWMOx4bj7ETm3Cen5YF /2PHg2SPZ5V/UAV78SeGG7E9kZJQk4XdfUS1Et0nbADmXS99HA3bBk08VDkR5T1i UHJwmL0aVg/sQUDcNzlrFW6VaC1oJ9ZblM2TN6uxfWmFuQUuFC8XpOtcETPRuAhG EjV0jTZnnPhOskophfJ+a5glxZfFBy3tcjE7qToftH5uSjls0NZPvJJYyik/Yvp4 sLkBjQRhLgQzAQwAy8kXOcWQ7+ngSF+vPM8PilfaYHPe7ItK5DofwNyJEb3tLMvz aHwzD7mbYeIrqu+jm1yQMgHfWhgnklltLffhX194b1A1HUi3OPUpeZo55WXYQEd0 jG5+d2jUtQpzt8wCo4eJHOVI5nQ+hiopKAE+0l7siupw1+c6qp45t3Xiip0v5Dq6 +kTDXkmAF1N+o2UL3lK26TinMavI3jSb1s1VS35JvJ9k4BlEvywR7xiXyOHVaMxg Q+Fi+1jfvQ4Z0hCSKC6eP2o77Vhq3jXurHW7cz+VAO9aQ4LkxTCD4THX3Z1EChB4 cSLTXrHwsRxA0q8m9PAymTfCRF9eSi/5rNEpTp2r0hgpeqfBVvnh6opJ8Mhh4dfE +DcZXnUGQ96aFM2KjimD3poDXOkaJ3eZZl2dMV4wjHANpObej3ooA6bOOKwJFhtT IVbC6l9qyZucY9z1DFfgvuOUBD82l0i7uKJPS6umhsXF4FLlTFUikoGb6ZDj7TmZ PMV8n2YJ0NGBEIydABEBAAGJAbYEGAEKACACGwwWIQTyKqGj3EYr5752LXapRoV5 1LWDLgUCZhZxigAKCRCpRoV51LWDLkHDDACRYvJTID3xaF+AWF/qUdMYojgFP7FC UMLTqAadw5yuQhKZQLArmkRjThn3ctnKOTHvoaz6zQiiDP5cbLtMPbINdOl8fULx Obu/K7iyjStiMyrxYb6C2TL7NjylPPFFNxqsEMh+i3FMf3TLzsFRz7rZL+zMyfnO +NX1SqgW0b8hFVnweUdJYmQ9qZO4Nj1p6oYBQ52X3WY0mpkPWJ7OQWjtfpplStK7 v7pjJrjbeIu8tks5rtjraHrdsTpBqmzaJ20J4jcVF0bP5P1PD5hbIcpRXqZy+ESL HBxDZWoMDBYMwna+FJ3+rkuXVvA2Vm8Obj6hR9U0+ie0b5kbWYL9lkVKDjdiVomc vpDnR9DfsB8P10xVpEsXXogo+hSBiTQ5xeCNa1xVkukQDmyN3YbPE/dm2eBgB0UH JllCig/FTDVua8nT8AoKqBR5w3+968eieu1Oz4/5m6TPSqwwtBIfx5fLo1mI9aMY f0y+LpjHc2yBDS9oGrtyagMAELAYY9Bm0gI= =v93R -----END PGP PUBLIC KEY BLOCK----- Operating Hours: Emails are monitored Monday to Friday, 9.00 to 17.00 3.3: Charter 3.3.1: Mission Statement The main areas of responsibility of CSIRT are: Dealing with Information Security incidents that are within the CUDN (Cambridge University Data Network). Serving as a single point of contact for national and foreign CERTs/CSIRTs. Co-ordinating the response in case of incident escalation. 3.3.2: Constituency IT infrastructure and services located on the Cambridge University data Network (CUDN). 3.3.3: Sponsoring Organization / Affiliation CSIRT is a service within the University of Cambridge Information Services department. We are endorsed by the Information Services Committee of the University of Cambridge. We act as the SPOC for JISC CSIRT for matters relating to the University of Cambridge and we work with other Legal Enforcement Agencies. 3.3.4: Authority CSIRT has the authority to act on all incidents that cause, or could cause, detriment to the confidentiality, integrity and availability of Cambridge University IT assets. 3.4: Policies All incidents are considered normal priority unless they are labelled EMERGENCY. CSIRT works closely with UK and EU institutions & law enforcement agencies. All relevant UK Data Protection Laws apply. In the case of criminal action, these will be reported to the appropriate authorities. 3.5: Services Incident Response Incident Triage Incident Co-ordination 3.6: Incident Reporting Forms Incident reporting forms are not used. 3.7: Disclaimers This document is provided on an "as is" basis and does not imply any kind of guarantee of service provided by the University of Cambridge. While every precaution will be taken in preparation & dissemination of information and security alerts, CSIRT assumes no responsibility to external (Non-University of Cambridge organisations and users) for errors, omissions, or for damages resulting from the use of the information provided within this document or our security communications.