Versions Compared

Old Version 7

changes.mady.by.user Davide Vaghetti

Saved on

compared with

New Version 8

changes.mady.by.user Sven Gabriel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

+31 12345679 (SOME GEANT OFFICE  FAX NUMBER, where the Opertor at least knows what to do when contacted on security issues related to eduGAIN)

Other Telecommunication/Instant messaging

OTHER METHODS MONITORED BY THE eduGAIN CSIRT (keybase? slackchannel?) 

Electronic Mail Address

edugain-support-sec-team@lists.geant.abuse@edugain.org This is a mail alias that relays mail
to the human(s) on duty for the eduGAIN-CSIRT.

...

The key and its signatures can be found at the usual large public keyservers.

Team Members

eduGAIN-CSIRT is coordinated by the eduGAIN-CSIRT security officer. Other team members along with their contact information are listed at the eduGAIN-CSIRT web page: <eduGAIN-CSIRT.WEBPAGE.ORG>

Other Information

General information about the XYZ-CERT, as well as links to
various recommended security resources, can be found at
<eduGAIN-CSIRT.WEBPAGE.ORG>
NOTE: WE NEED TO DISCUS IF WE WANT OT RUN SUCH A PAGE
The eduGAIN-CSIRTs hours of operation are generally restricted to
regular business hours (09:00-17:00 (CET/CEST) Monday to Friday except holidays).

Charter

Mission Statement

The eduGAIN-CSIRT  provides security incident coordination for eduGAIN and is the primary contact point for questions related to security issues affecting eduGAIN participants. Therefore eduGAIN-CSIRT operates and maintains a communications infrastructure and provides forensics support on request to end entities in coordination with the respective federations.

Constituency

The eduGAIN constituency  is the eduGAIN participants.

Sponsorship and/or Affiliation

eduGAIN is abc... the role of federations in eduGAIN goes here probably as well

Authority

eduGAIN-CSIRT is authorized by the eduGAIN Steering Group to investigate any activity within its Terms of Reference and, in coordination with the federations,  take all necessary controlling actions to contain and mitigate suspected and confirmed computer incidents to limit the extend of possible service degradation or reputation damage to eduGAIN.


Policies

we do not really have an extended set of policies

Types of Incidents and Level of Support

Co-operation, Interaction and Disclosure of Information

federations and comm flows go here, also comms to eSG

Communication and Authentication

TLP adherence and optional encrypted comms go here

Services

Incident Response

This the service a CSIRT has to provide

Incident Triage

- Investigating whether indeed an incident occured.
- Determining the extent of the incident. Single entity, or multiple federations affected.

Incident Coordination

Incident Resolution

Proactive Activities

We can't do much here I'm afraid

Incident Reporting Forms

Link to possible incident-report templates

Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, XYZ-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.