This is a draft document for comments.

This document sets out the scope for eduGAIN Incident Response Coordination, which will be piloted from 1 July 2018 - 31 July 2019.  eduGAIN Incident Response coordination will be supported by edugain-support and a dedicated team of incident response experts.

A. Put in place team


RequirementsStatusResponsible
A1.

Define support team

For the pilot, a team of between 3 - 4 incident response experts will be identified drawing people from the GÉANT Association, the GÉANT project and the community. 

Ann / Nicole

B. Put in place service parameters


RequirementsStatusResponsible
B1.

Scope

For the pilot, the role will be limited to coordinating and supporting federations and federation users in finding the correct security contact only.  No support in diagnosing or solving the issue will be offered unless it something that eduGAIN already has direct experience and knowledge to support. 



B2.

Hours and response times

For the pilot, support will be offered during normal European working hours.  The support function will aim to provide an initial response within 1 working day. 



B3.

Supported users

TBD - only Sirtfi contacts?  Anyone contacting? Federations? etc.



C. Define workflow for team response.


RequirementsStatusResponsible
C1.global identifier for each incident

C2.incident type classification

C3.recognizing and escalating a security ticket

C4.ensuring the right people are added to communication chain

C5.supporting move to a secure channel

C6.supporting post incident communications and reporting

D. Select and implement support tools.


RequirementsStatusResponsible
D1.Secure communication channel

D2.Sirtfi responsiveness testing

D3.Sirtfi error checking

E. Ensure eduGAIN policy and supporting templates are in place. 


RequirementsStatusResponsible
E1.Sirtfi as an eduGAIN BCP

E2.


E3.Disclosure policy

F. Implement support for testing.


Requirements
F1.Work with end-users on small test cases
F2.Participate in larger-scale incident testing