Date: Thu, 13 Sept 2018 08h18 UTC/GMT +0100
Author: Marc Frederic GOMEZ
1. Document information
This document contains a description of CSIRT IICRAI according to RFC 2350. It provides basic information about the CSIRT and the ways it can be contacted, and describes its responsibilities and the services offered.
1.1 Date of last update
Date: Wed, 18 June 2019 05h35 UTC/GMT +0100
1.2 Distribution list for notifications
There is no distribution list for notifications as of 2018.
1.3 Locations where this document may be found
The current version of this document can always be found at https://www.iicrai.org/about/rfc2350/rfc2350.html .
2. Contact information
2.1 Name of the team
Computer Security Response Team IICRAI
CSIRT IICRAI – Attn. Marc F. GOMEZ
21 Rue Saint Maurice
2.3 Time zone
We are located in the Central European time zone (CET), which is GMT+0100.
2.4 Telephone number
+33 9 72 65 58 75
2.5 Facsimile number
+33 9 72 65 58 77
2.6 Other telecommunication
2.7 Electronic mail address
Please send incident reports to csirt(at)iicrai.org.
Non-incident related mail should be addressed to contact(at)iicrai.org.
2.8 Public keys and encryption information
PGP key for csirt(at)iicrai.org
Key ID: 7BFF 3F47 0CBA 01B2
Fingerprint: 50FC EBC5 5956 B8E4 3553 248C 7BFF 3F47 0CBA 01B2
-----BEGIN PGP PUBLIC KEY BLOCK-----
-----END PGP PUBLIC KEY BLOCK-----
2.9 Team members
The team leader of CSIRT IICRAI is Marc-Frederic Gomez. Other team members are not listed publicly.
2.10 Other information
2.11 Points of customer contact
The preferred method for contacting CSIRT IICRAI is via e-mail. For incident reports and related issues please use report(at)iicrai.org. This will create a ticket in our tracking system and alert the human on duty. For general inquiries please send e-mail to contact(at)iicrai.org.
CSIRT IICRAI operates 24 hours a day, 7 days a week (CET/CEST).
3.1 Mission statement
The purpose of CSIRT IICRAI is to coordinate security efforts and incident response for IT-security problems, for members of the IICRAI association only.
The constituency of CSIRT IICRAI is the response team of the Institut International de la Coopération sur les Risques liés aux attaques informatiques, an Association de loi 1901 (non-profit organization).
Note that usually no direct support will be given to end users; they are expected to contact their CSIRT, CISO or ISP, system administrator, network administrator, or department head for assistance. CSIRT IICRAI will support the latter.
3.3 Sponsorship and/or affiliation
CSIRT IICRAI is an initiative of IICRAI, a non-profit organization.
Funding is provided by the board and by member donations.
The main purpose of CSIRT IICRAI in incident handling is the coordination of incident response. As such, we can only advise our constituency and have no authority to demand certain actions.
4.1 Types of incidents and level of support
CSIRT IICRAI is authorised to address all types of computer security incidents which occur, or threaten to occur, in our constituency (see 3.2) and which require cross-organisational coordination, for members of the IICRAI organization only.
The level of support given by CSIRT IICRAI will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and our resources at the time.
Special attention will be given to issues affecting critical infrastructure.
CSIRT IICRAI is committed to keeping its constituency informed of potential vulnerabilities, and, where possible, will inform this community of such vulnerabilities before they are actively exploited.
4.2 Co-operation, interaction and disclosure of information
CSIRT IICRAI will cooperate with other organisations in the field of computer security. This cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities.
Nevertheless, CSIRT IICRAI will protect the privacy of reporters, partners and our constituents, and therefore (under normal circumstances) pass on information in an anonymised way only, unless other contractual agreements apply.
CSIRT IICRAI operates under the restrictions imposed by French law. This involves careful handling of personal data as required by French Data Protection law, but it is also possible that – according to French law – CSIRT IICRAI may be forced to disclose information due to a court order.
CSIRT IICRAI treats all submitted information as confidential by default, and will only forward it to concerned parties in order to resolve specific incidents when consent is implicit or expressly given.
4.3 Communication and authentication
For normal communication not containing sensitive information CSIRT IICRAI might use conventional methods like unencrypted e-mail or fax. For secure communication PGP-encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, ) or by other methods like call-back, mail-back or even face-to-face meeting if necessary.
5.1 Incident response
CSIRT IICRAI will assist IT-security teams in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
5.1.1. Incident triage
- determining whether an incident is authentic
- assessing and prioritizing the incident
5.1.2. Incident coordination
- determine the involved organizations
- contact the involved organizations to investigate the incident and take the appropriate steps
- facilitate contact with other parties which can help resolve the incident
- send reports to other CERTs/CSIRTs with authorization of members

We mainly see ourselves as an information hub that knows where to send the right incident reports in order to help and facilitate the clean-up of IT security incidents.
CSIRT IICRAI will always strive to react to incoming incident reports from humans within two business days. Due to current staffing levels, however, this cannot be guaranteed. If you haven’t received feedback on an incident report after four business days, we ask that you contact us again. Auto-generated reports and data feeds will be handled as automatically as possible.
5.1.3. Incident resolution
- advise members' local security teams on appropriate actions
- follow up on the progress of the concerned local security teams
- ask for reports
- report back
5.2 Proactive activities
CSIRT IICRAI tries to:
- raise security awareness in its constituency
- collect contact information of members' local security teams
- publish announcements concerning serious security threats
- observe current trends in technology
- distribute relevant knowledge to the constituency
- provide fora for community building and information exchange within the constituency
6. Incident reporting forms
There are no local forms available.
While every precaution will be taken in the preparation of information, notifications and alerts, CSIRT IICRAI assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.