{"id":93,"date":"2018-10-27T13:38:14","date_gmt":"2018-10-27T11:38:14","guid":{"rendered":"http:\/\/www.iicrai.org\/en\/?page_id=93"},"modified":"2019-06-19T17:08:22","modified_gmt":"2019-06-19T15:08:22","slug":"rfc-2350","status":"publish","type":"page","link":"https:\/\/www.iicrai.org\/fr\/rfc-2350\/","title":{"rendered":"RFC-2350"},"content":{"rendered":"

Version: 1.2
\nDate:<\/strong> Thu, 13 Sept 2018 08h18 UTC\/GMT +0100
\nAuthor:<\/strong> Marc Frederic GOMEZ<\/p>\n

1. Document information<\/strong>
\nThis document contains a description of CSIRT IICRAI according to RFC 2350. It provides basic information about the CSIRT, the ways it can be contacted, describes its responsibilities and the services offered.<\/p>\n

1.1 Date of last update<\/strong>
\nDate: Wed, 18 June 2018 05h35 UTC\/GMT +0100<\/p>\n

1.2 Distribution list for notifications<\/strong>
\nThere is no distribution list for notifications as of 2018<\/p>\n

1.3 Locations where this document may be found<\/strong>
\nThe current version of this document can always be found at https:\/\/www.iicrai.org\/about\/rfc2350\/rfc2350.html<\/a> .<\/p>\n

2. Contact information<\/strong>
\n2.1 Name of the team<\/strong>
\nCSIRT IICRAI<\/p>\n

Computer Security Response Team IICRAI<\/strong>
\n2.2 Address<\/strong>
\nIICRAI
\nCSIRT IICRAI – Attn. Marc F. GOMEZ
\n21 Rue Saint Maurice
\n36600 Valencay
\nFrance<\/p>\n

2.3 Time zone<\/strong>
\nWe are located in the central European timezone (CET) which is GMT+0100<\/p>\n

2.4 Telephone number<\/strong>
\n+33 9 72 65 58 75<\/p>\n

2.5 Facsimile number<\/strong>
\n+33 9 72 65 58 77<\/p>\n

2.6 Other telecommunication<\/strong>
\nNone.<\/p>\n

2.7 Electronic mail address<\/strong>
\nPlease send incident reports to csirt(at)iicrai.org.<\/p>\n

Non-incident related mail should be addressed to contact(at)iicrai.org.<\/p>\n

2.8 Public keys and encryption information<\/strong>
\nKey PGP for csirt(at)iicrai.org
\nKey ID : 7BFF 3F47 0CBA 01B2<\/p>\n

Finger Print : 50FC EBC5 5956 B8E4 3553 248C 7BFF 3F47 0CBA 01B2<\/p>\n

—–BEGIN PGP PUBLIC KEY BLOCK—–<\/p>\n

mQINBFz1iHQBEADD579o21f6rhrhxPzbu3X1PzKlzQfn7zNXeYid8nBORc0lP490
\n2BvNxLUPMK2sZCO1FG8o5wLjby+uOi6mRmYYrH2boKTTZXbL2q+RHuA2y3ykt2mf
\n+KuQzMgOhsZiNWP9rnCWJ8JSvleQ8U0t0uHhX61EpxrF\/8BCbddg\/hXvvuRqQPW2
\nEWhxE0x92mKQiCx0dLu+9N\/Es4Ewg\/O1GJf8QKfZz5EawoMpGeQZs0rY1iyh8uJv
\nvGaftOteP9L7X2uBi1EoSvd\/fZ2nVqhqokCbYid8\/pugM\/rnk2gw\/88t\/p\/J\/lbi
\nG3rtZwmy3na30Y6xV86+oXRPqf7ymeIO+WHVJ4Whmf0vQhA12Wf++Un5HpVp5SZB
\nQEEULyGwPsJP\/TgfVR1pwp1tNI9EMLy0yrDWVT6O58Xtxjs+HyEyXO81NPfSCSFA
\nqzINUefXtGzhDavfRUtGCqmfkVXcBg0qNKrgdCdsHk0P6qLswniWFup1U21x7bez
\n0uk4Ice3vDdgmnulvxXhNGCf2PoRkz0dxAs+FLwhREtgeSAPFuZjU2TdhhmWy8BW
\nowHCK54T5llBcxORrFHQe5HFMG4LItGEzkIztcZCLQjeIqIq1V3hgOHTP+vBGiJj
\nwTLnJsRcL3TJnAKXFUWwmeqqUXGjUYhmhD7AFZVMn32NXhO4KXs6KZW6UQARAQAB
\ntB9DU0lSVCBJSUNSQUkgPGNzaXJ0QGlpY3JhaS5vcmc+iQJOBBMBCAA4FiEEUPzr
\nxVlWuOQ1UySMe\/8\/Rwy6AbIFAlz1iHQCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC
\nF4AACgkQe\/8\/Rwy6AbI62w\/+IEEoeKX2cx08XmJ6dPeMASoSNryDaEDfcqhACHsV
\naWHAoVIpyJNagZ2forN1iI+uF64MVF4mrY9XDrWX8FV2Gonjx4sjC64E0boS34p7
\nhtMsG3k4JCBN\/kuUvlM8kiiBZbdYS4b4kYwLIiL7T+6X2ZI62kIjB6pQ4tpwUNRR
\nCjwXsFW9uwzuB35HELY5rdGa2WpzV7CZKeBnwVHxzb95XViQs7xWYmSSRkVn8HG1
\ncCL52aqHsMlFhc5UbZzxrbUiq3Qt\/6\/7i5vyXPQ2LwLdOiYfTXeGfMevTQQJGsc0
\nHXsftF6XeT659vTpt3gssspx1gjan7tPd\/mSKBjWhiCu8Z+hB8OrHpyzcCC4++Cj
\nm+sgO7vTxoNrmMNXR7OaBDSo63qfEQ\/tPTzbZpYN7LLhRfneK47Q0uqc\/O4IUVgJ
\nQ3lvtMCN9HfmljEoQ7wOcCaAw67S\/3g27Okun8REUjaDtd4BW1FSu11WMixaLaFo
\nQ7vS7woUq2S\/oqoabsORKmkffrpUCi\/mn4u19zzh5gjosRhB5orsYfxCYpy6UvZr
\nKSwH5pdb7RDA+h0JuAI\/lZ4Nh3u7cuMZ8uFtiLmzauJvykQ0a18Lx0UwDL+Hcxsk
\n6wB3M7KZRR3ovKY2o9YhC1A0YhGFch\/ar77ouV0rnr0Qlt+7KPq9ALvYC20pg1jc
\n5Ra5Ag0EXPWIdAEQAL5m3qe7aFZ6kIIH9njF8VLkiS3yu+utNwzxHNhbfhfq1boE
\nLjNOW85j16Cm2AlO50uTyWpQG87JBwv+LLsk6E6wNXLX0LZSzYnG7QJCaEmAuLws
\niAXD1NixrumQm\/JlV64yKECKzngsnqbyRZ\/hKr1eD20WiXf2Yc5ch4ST6r4Tyms6
\n0C9ofBSC1d+GVbbkKIiUWkZYh9U\/j8+l4pXr67Eg2m9d6m6156phXVghZ3229tlG
\ntnw2x5Fyr22ub8mAcfR3onfyapWMF5KVVq3rxGAkFpxDLjohLTz5DP4XamdwNQ12
\n\/aVCqgd2K6ySkuipUS\/BpfgjTdQDNQb8npwxKLFkod6ySWAgHNXu3R+Te0+IiXN6
\nJ\/P3IxonjqQTcoFZCRMur9DoRwMg+NPNNog3QEqLeenoag6K8hK6QQmVoSw4ofRN
\n3OoXDPp\/tOcnmQ8GGTTtJXSXSGpEZ8ztPHVu7fI4oJvVlyxYJQET0ne\/werr57cM
\nFlde5d20eVgykQnD26nmUt6qTpPbhE8pOBIJEMiIvmeOv3uXRsonVuF88DbSwcXx
\nGjqTyrPplfzpemLaZuFZQJf2ztTn9CY+rp9IeJuDhaUeZHAx2M\/d0HFloXz0E2Xx
\n19UaOH6KECBieASfj+afczyWCmu8eDi1ukZvZhMj3ourWDhpZxEx0MLJ851PABEB
\nAAGJAjYEGAEIACAWIQRQ\/OvFWVa45DVTJIx7\/z9HDLoBsgUCXPWIdAIbDAAKCRB7
\n\/z9HDLoBsveIEACRMlholXi0qm3nlDIfh1vGt1Os4mLM60b\/zEHfuChS3jNccBXa
\nNIDFn\/SVtFnDNaT5Lt0dYdweIeClI5MhldDOENN4BsOGr0QWYFlsmz4GdTydHfuw
\n5ZkVvtQLUMrpU80MSDqdq2vA95bo17lJz+\/FS3VZGwgTgtgT78rhK1qzLNNdMBm6
\ny3XuUCzN37In9cMbunr+4UNTC5AMMSaWETB3YxZRaq1K7bRGGIrBysihHxi\/aYLM
\nBQ5lCBUNLkHV7VhhikppTqeEWFxOzJ+JZ5zPtEDFE1FOumJclP7yHI60gLEhJm8+
\nvyjQJy1C\/1lQUHKKGvvXQ9hgiKGz68pkkkPq44SnXoWJyFI\/xfWgmDF2s\/AdycM\/
\nBXQ19MMODguTciW3bqQu7JFM8Z8EmCBGmJ8F1zplFvanCJ9\/U87ZxBu9q8C0SkBj
\n2+fdV7C3isu0VXvIfoWYEXBivq9+38d1uu1yrvJVKQNSZrvKlo8kTQKXF5cxlwu1
\nQaaOKkWNc6JbkoA2Bi2EMjqlG\/4QEH77dc5Q4zaeiEdWvGfWxOUqWXOz5MdAz\/WI
\nHQzbIImlq9a3uX58iEHNYa1TbFJEbsFonorSG2924a8F48+CWnsF70caRvmWure2
\nUFKbM2VxlBsnxFy39mIggZSDed1C+YsbFwc5wR\/TaEP0NSltgVx0D0Dycw==
\n=qjcB
\n—–END PGP PUBLIC KEY BLOCK—–<\/p>\n

 <\/p>\n

2.9 Team members<\/strong>
\nThe team leader of CSIRT IICRAI is Marc-Frederic Gomez. Other team members are no listed publicly.<\/p>\n

2.10 Other information<\/strong>
\n–
\n2.11 Points of customer contact<\/strong><\/p>\n

The preferred method for contacting CSIRT IICRAI is via e-mail. For incident reports and related issues please use report(at)iicrai.org. This will create a ticket in our tracking system and alert the human on duty. For general inquiries please send e-mail to contact(at)iicrai.org.<\/p>\n

CSIRT IICRAI’s hours of operation are open 24 hours on 7 days CET\/CEST.<\/p>\n

3. Charter<\/strong>
\n3.1 Mission statement<\/strong>
\nThe purpose of CSIRT IICRAI is to coordinate security efforts and incident response for IT-security problems to members association IICRAI\u2019s only.<\/p>\n

3.2 Constituency<\/strong>
\nThe constituency of CSIRT IICRAI is Response team of Institut International de la Coop\u00e9ration sur les Risques li\u00e9s aux attaques informatiques Association de loi 1901 (non-profit Organization).<\/p>\n

Note that usually no direct support will be given to end users; they are expected to contact their CSIRT, CISO or ISP, system administrator, network administrator, or department head for assistance. CSIRT IICRAI will support the latter.<\/p>\n

3.3 Sponsorship and\/or affiliation<\/strong>
\nCSIRT IICRAI is an initiative of IICRAI, Organization with non profit.<\/p>\n

Funding is provided by the board and members donations.<\/p>\n

3.4 Authority<\/strong>
\nThe main purpose of CSIRT IICRAI in incident handling is the coordination of incident response. As such, we can only advise our constituency and have no authority to demand certain actions.<\/p>\n

4. Policies<\/strong>
\n4.1 Types of incidents and level of support<\/strong>
\nCSIRT IICRAI is authorised to address all types of computer security incidents which occur, or threaten to occur, in our constituency (see 3.2) and which require cross-organisational coordination for all members of IICRAI organization only.<\/p>\n

The level of support given by CSIRT IICRAI will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and our resources at the time.<\/p>\n

Special attention will be give to issues affecting critical infrastructure.
\nCSIRT IICRAI is committed to keeping its constituency informed of potential vulnerabilities, and, where possible, will inform this community of such vulnerabilities before they are actively exploited.<\/p>\n

4.2 Co-operation, interaction and disclosure of information<\/strong>
\nCSIRT IICRAI will cooperate with other organisations in the field of computer security. This cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities.<\/p>\n

Nevertheless CSIRT IICRAI will protect the privacy of reporters, partners and our constituents, and therefore (under normal circumstances) pass on information in an anonymised way only unless other contractual agreements apply.<\/p>\n

CSIRT IICRAI operates under the restrictions imposed by French law. This involves careful handling of personal data as required by French Data Protection law, but it is also possible that – according to French law \u2013 CSIRT IICRAI may be forced to disclose information due to a court order.<\/p>\n

CSIRT IICRAI treats all submitted information as confidential per default, and will only forward it to concerned parties in order to resolve specific incidents when consent is implicit or expressly given.<\/p>\n

4.3 Communication and authentication<\/strong>
\nFor normal communication not containing sensitive information CSIRT IICRAI might use conventional methods like unencrypted e-mail or fax. For secure communication PGP-encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, ) or by other methods like call-back, mail-back or even face-to-face meeting if necessary.<\/p>\n

5. Services<\/strong>
\n5.1 Incident response<\/strong>
\nCSIRT IICRAI will assist IT-security teams in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:<\/p>\n

5.1.1. Incident triage<\/strong>
\ndetermining whether an incident is authentic assessing and prioritizing the incident<\/p>\n

5.1.2. Incident coordination<\/strong>
\ndetermine the involved organizations contact the involved organizations to investigate the incident and take the appropriate steps facilitate contact to other parties which can help resolve the incident send reports to other CERTs\/CSIRT with authorization of members<\/p>\n

We mainly see ourselves as information hub which knows where to send the right incident reports to in order to help and facilitate the clean-up of IT security incidents.<\/p>\n

CSIRT IICRAI will always strive to react to incoming incident reports from humans within two business days. Due to current staffing levels this can not be guaranteed, though. If you haven’t received feedback to an incident report after four business days, we ask that you contact us again. Auto-generated reports and data-feeds will be handled as automatically as possible.<\/p>\n

5.1.3. Incident resolution<\/strong>
\nadvise local security members teams on appropriate actions
\nfollow up on the progress of the concerned local security teams ask for reports report back<\/p>\n

5.2 Proactive activities<\/strong>
\nCSIRT IICRAI tries toraise security awareness in its constituency collect contact information of local security members teams publish announcements concerning serious security threats observe current trends in technology distribute relevant knowledge to the constituency provide fora for community building and information exchange within the constituency<\/p>\n

6. Incident reporting forms<\/strong>
\nThere are no local forms available.<\/p>\n

7. Disclaimers<\/strong>
\nWhile every precaution will be taken in the preparation of information, notifications and alerts, CSIRT IICRAI assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.<\/p>\n","protected":false},"excerpt":{"rendered":"

Version: 1.2 Date: Thu, 13 Sept 2018 08h18 UTC\/GMT +0100 Author: Marc Frederic GOMEZ 1. Document information This document contains a description of CSIRT IICRAI according to RFC 2350. It provides basic information about the CSIRT, the ways it can…<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-93","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/pages\/93","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/comments?post=93"}],"version-history":[{"count":27,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/pages\/93\/revisions"}],"predecessor-version":[{"id":325,"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/pages\/93\/revisions\/325"}],"wp:attachment":[{"href":"https:\/\/www.iicrai.org\/fr\/wp-json\/wp\/v2\/media?parent=93"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}