...
This is where you should include a description of what your NREN, project or institute does.
This table is for information that may be helpful to include. Any information may be added as you wish, anything you wish to PUBLICLY share with others.
Irrelevant ones may be removed.
Lines may be duplicated to refer to multiple documents.
E.g. you may provide a link to a list of policy documents, or you may provide several lines with links to various policy documents.
You may include any text/explanations you wish. Please don't include anything here that may be of use to an attacker.
...
| Name of NREN/Project/Institute | Example Project Institute Homepage | |
|---|---|---|
| General Overview | Link to Intranet for Public link for this project or NREN | |
| Emergency Security Emergency contact | How How to contact in an emergency E.g. E-mail(s) or link to instructions | |
| How How to Report report a security incident | ||
| RFC 2350 | ||
| security incident | Incident reporting e-mail(s) preferably, and/or links to instructions | |
| RFC 2350 | Link to relevant public document if you have one, or who to contact | |
| Security officer | individual e-mail if you wish, some make public, some don't | |
| Data Protection Officer (GDPR) | ||
| Hosting Organisation | ||
| Who is in charge of the NREN/Project | Could include deputies | |
| ISM | Link to ISM for this project, or person to contact if not public | |
| Policy Documents (incl. AUP) | Link to policy docs for this project, or person to contact if not public | |
| Software Vulnerability handling | Link to procedure/web, or who to contact | |
| Security Monitoring | Link to security monitoring information, if present, or who to contact | |
| Other incident Prevention | Any other incident prevention work | |
| Incident handling | Incident handling procedure - if public, if not who to contact | |
| Any other contact information | As you wishContact information | |
| Compliance with standards | Hosting organisation | Standards complied with, including |
| ipv4/ipv6 prefixes | (more suitable for NRENs or sites than very dist. infrastructures) | |
| identity Identity information | Data | |
| protection officer Authorization information | ||
| Links to blogs, reports, anything you wish. | Security officer | |
| individual e-mail if you wish, some make public, some don't | Other function Other functions | |
| Individual members | (as you wish) | |
| Projects people work on | (if you wish) | |
...