DKCERT RFC 2350

The following profile of DKCERT has been prepared in adherence to RFC 2350, Expectations for Computer Security Incident Response.
  1. Document Information
    1. Date of Last Update
      Version 1.14, published August 11, 2017.
    2. Distribution List for Notifications
      Changes to this document are not distributed by a mailing list. Please address questions or remarks by e-mail to: cert (at) cert.dk
    3. Locations where this document may be found
      The current version of this profile is always available at: https://www.cert.dk/About_DKCERT/RFC2350
  2. Contact Information
    1. Name of the Team
      DKCERT
    2. Address
      Asmussens Allé, Building 305
      DK-2800 Kgs. Lyngby
      Denmark
    3. Time Zone
      CET, Central European Time (UTC+1, between last Sunday in October and last Sunday in March)
      CEST (also CET DST), Central European Summer Time (UTC+2, between last Sunday in March and last Sunday in October)
    4. Telephone Number
      +45 3587 8887 (Monday through Thursday from 9 a.m. to 4 p.m., Friday from 9 a.m. to 2 p.m.)
    5. Facsimile Number
      +45 4588 7995
    6. Other Telecommunication
      Twitter: @dkcert
    7. Electronic Mail Address
      cert (at) cert.dk
    8. Public Keys and Encryption Information
      DKCERT uses PGP for digital signatures and to receive encrypted information. The keys are available on public PGP/GPG key servers and at https://www.cert.dk
      Address: cert (at) cert.dk
         Key-ID: 79D294CE
         Fingerprint: B14C 2840 133D E7E9 21B1  27CB 903C 41BD 79D2 94CE
    9. Team Members
      A full list of DKCERT team members is not publicly available. Team members will normally identify themselves to the reporting party in an official communication regarding an incident, but are not obligated to do so.
    10. Other Information
      General information about DKCERT is available at https://www.cert.dk
    11. Points of Customer Contact
      The main point of contact is the DKCERT mail addresses:
        cert (at) cert.dk: General contact e-mail address.
        abuse (at) cert.dk: E-mail address dedicated to incidents.
      You may also call DKCERT at +45 3587 8887 to report an incident. Our regular hours (local time, with respect to public holidays in Denmark) are Monday through Thursday from 9 a.m. to 4 p.m., Friday from 9 a.m. to 2 p.m. Outside normal working hours, please use the e-mail addresses.
  3. Charter
    1. Mission Statement
      The mission of DKCERT is to create an increased focus on IT security within the area of research and education by building and creating current, relevant and useful knowledge. This knowledge enables DKCERT to publish warnings and other information about potential risks and emerging security incidents to its constituency.
    2. Constituency
      The constituency of DKCERT is forskningsnettet, the Danish National Research and Education Network.
    3. Sponsorship and/or Affiliation
      DKCERT is part of DeIC, Danish e-Infrastructure Cooperation, an organization under the Danish Agency for Science, Technology and Innovation. DKCERT currently resides under the Technical University of Denmark (DTU).
    4. Authority
      DKCERT handles incident response, coordinates action and warns its constituency. We have no legal authority to demand that incidents be addressed.
  4. Policies
    1. Types of Incidents and Level of Support
      DKCERT handles various types of security incidents. The level of support depends on the type of the incident and the severity as determined solely by the DKCERT staff.
    2. Co-operation, Interaction and Disclosure of Information
      All incoming information is handled confidentially by DKCERT, regardless of its priority. Information that is sensitive or classified is only communicated and stored in a secure environment, if necessary using encryption. DKCERT will use the information obtained to help solve security incidents. Information will only be distributed to other teams and team members according to relevant legislation and on a need-to-know basis, preferably as anonymized data. DKCERT uses the Traffic Light Protocol (TLP) for classifying information as well as the NATO/EU classification scheme.
    3. Communication and Authentication
      E-mail is the preferred method of communication. When the content is sensitive or requires authentication, the DKCERT PGP key is used for signing e-mail messages. All sensitive or confidential communication to DKCERT should be encrypted using the team's PGP key.
  5. Services
    1. Incident response
      Incident response is provided as stated in “2.11 Points of Customer Contact”. DKCERT will investigate incidents and coordinate responses from relevant stakeholders. This may include involvement of experts, tools and other capabilities to act, analyze and communicate with stakeholders and media.
      1.  Incident Triage
        Investigating whether an incident has indeed occurred.
        Determining the extent of the incident.
      2.  Incident Coordination
        Determining the initial cause of the incident.
        Facilitating contact with other sites that may be involved.
        Communicating with stakeholders and media.
      3.  Incident Resolution
        Providing advice to the reporting constituent that may help remove the vulnerabilities that caused the incident and help secure the systems from the effects of the incident.
        Evaluating and advising stakeholders as to which actions are most suitable to provide the desired results regarding the incident resolution.
        Providing assistance in evidence collection and data interpretation when needed.
        Evaluating the frequency, the amount and the severity of the incident for public warning.
    2. Proactive Activities
      DKCERT provides information to its constituency, such as news stories, articles, reports, advisories, fact sheets, and white papers, in order to prevent or correct ICT-related security incidents or to prepare for such incidents and reduce their impact.
    3. Vulnerability scanning
      DKCERT scans the networks of its constituency on a regular basis in order to discover vulnerable systems.
  6. Incident Reporting Forms
    DKCERT prefers to receive a detailed description of an incident via e-mail.
  7. Disclaimers
    While every precaution will be taken in the preparation of information, notifications and alerts, DKCERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
