1. Document Information
1.1 Date of Last Update
February 4, 2024
Version 1.0
1.2 Distribution List for Notifications
This profile is kept up-to-date on the location specified in section 1.3.
E-mail notifications of updates are sent to the Trusted Introducer for CERTs in Europe (see https://www.trusted-introducer.org/).
1.3 Locations Where This Document May Be Found
The current version of this document:
/english/services/it/security/cert/rfc2350.html
2 Contact Information
2.1 Name of the Team
UiO-CERT, The University of Oslo, Norway
2.2 Postal Address
/english/services/it/security/cert/contact/index.html
USIT/UiO-CERT
PB 1059 Blindern
0316 Oslo
Norway
2.3 Time Zone
UiO-CERT is located in Oslo, Norway. Nominally CET (UTC +1), CEST (UTC +2) during daylight saving time.
2.4 Telephone number
+47 22 84 09 11
2.5 Facsimile number
Not applicable.
2.6 Other telecommunication
Not applicable.
2.7 Electronic mail address
Main e-mail address is cert@uio.no
2.8 Public keys and encryption information
UiO-CERT PGP key: /english/services/it/security/cert/cert@uio.no.pub.gpg.asc
2.9 Team members
No public information is provided about UiO-CERT members.
2.10 Other information
For additional information about how to contact UiO-CERT:
/english/services/it/security/cert/contact/index.html
UiO-CERT is a member of FIRST:
https://www.first.org/members/teams/uio-cert
UiO-CERT is a TF-CSIRT member, Accredited by Trusted Introducer:
https://www.trusted-introducer.org/directory/teams/uio-cert.html
3 Points of Customer Contact
E-mail is the preferred method for contacting UiO-CERT.
- E-mail address: cert@uio.no
- Telephone during business hours (08:00–17:00 CET/CEST Monday–Friday): +47 22 84 00 04
- Telephone for time-critical emergencies outside business hours: +47 22 84 09 11
4 Charter
4.1 Mission Statement
- UiO-CERT handles IT-related security incidents, such as viruses, break-ins and vulnerabilities, for the constituency.
- UiO-CERT enforces the AUP (acceptable use policy) and the rules and procedures in the IT security handbook (in Norwegian).
- UiO-CERT provides services to the University of Oslo, our partners, and other CSIRTs. The list of services is revised and updated regularly, and can be found below.
- UiO-CERT is the hub of information on security-related issues.
4.2 Constituency
Generally the constituency is the University of Oslo and cooperating partners/groups, which is at least uio.no (AS 224).
4.3 Sponsorship and/or Affiliation
UiO-CERT is a part of the IT-department at the University of Oslo
4.4 Authority
UiO-CERT has the authority to take relevant countermeasures to prevent and handle incidents in our constituency.
5 Policies
5.1 Types of Incidents and Level of Support
UiO-CERT will assess incidents based on severity and impact on the constituency.
5.2 Co-operation, Interaction and Disclosure of Information
Classification
Sensitive information encompasses sensitive personal data, as defined by relevant privacy legislation, and business confidential information. All information related to security incidents is considered sensitive, unless all concerned parties specifically state otherwise.
Non-sensitive information consists of publicly available (open) information.
Information handling
Sensitive information is stored and communicated securely. Sensitive information brought to the team’s knowledge may be distributed amongst the UiO-CERT team members. Members of UiO-CERT are subject to explicit non-disclosure agreements regarding all sensitive information.
Information disclosure
In order to investigate and resolve security incidents, incident-related information may be released to appropriate parties on a strictly need-to-know basis, and preferably anonymized. Non-sensitive information may be distributed to the general public on a need-to-know basis.
Legal considerations
UiO-CERT will in general cooperate with law enforcement authorities during investigation of possible criminal activity relevant to our constituency, and provide, e.g., event and system logs. Sensitive information can be handed over to relevant authorities following a court order.
Traffic Light Protocol (TLP)
UiO-CERT supports the Traffic Light Protocol v2.0, and all labelled information will be handled in accordance with https://www.first.org/tlp.
5.3 Communication and Authentication
See 2.8 above.
UiO-CERT uses PGP/GPG to ensure the confidentiality and integrity of sensitive information. Normally, all information provided by UiO-CERT is digitally signed with the team key, and sensitive information is encrypted. It is highly recommended to use PGP/GPG in all cases where sensitive information is involved. Norwegian authorities do not enforce restrictions on key sizes or the use of cryptography, and there are no key escrow requirements.
6 Services
6.1 Incident Response
6.1.1 Incident Triage
- Investigating whether indeed an incident occurred.
- Determining the extent of the incident.
6.1.2 Incident Coordination
- Correlate indicators from detection vectors with other central or customer-specific information sources.
- Contact other members of the constituency that may be involved in the incident or exposed to the particular threat.
- Compose announcements to end users, if applicable.
- Share information with other CSIRTs, if applicable.
- Contribute to determining the initial cause of the incident.
6.1.3 Incident Resolution
For internal incidents, the following relevant steps are taken:
- Remove the vulnerability.
- Secure the system from the effects of the incident.
- Collect evidence after the fact, if applicable.
- Take appropriate countermeasures to protect against recurring incidents.
- Wrap-up, lessons learned.
6.2 Proactive Activities
- Sending out announcements and vulnerability bulletins
- Technology watch
- Vulnerability watch
- Log parsing, detection and analysis
- Other security-related matters, independent of product and platform
- Training; internally and for cooperating partners
7 Disclaimers
None.