RFC-2350

Version: 1.2
Date: Thu, 13 Sept 2018 08h18 UTC/GMT +0100
Author: Marc Frederic GOMEZ

1. Document information
This document contains a description of CSIRT IICRAI according to RFC 2350. It provides basic information about the CSIRT and the ways it can be contacted, and describes its responsibilities and the services it offers.

1.1 Date of last update
Date: Wed, 18 June 2019 05h35 UTC/GMT +0100

1.2 Distribution list for notifications
There is no distribution list for notifications as of 2018.

1.3 Locations where this document may be found
The current version of this document can always be found at https://www.iicrai.org/about/rfc2350/rfc2350.html.

2. Contact information
2.1 Name of the team
CSIRT IICRAI

Computer Security Response Team IICRAI
2.2 Address
IICRAI
CSIRT IICRAI – Attn. Marc F. GOMEZ
21 Rue Saint Maurice
36600 Valencay
France

2.3 Time zone
We are located in the Central European Time zone (CET), which is GMT+0100.

2.4 Telephone number
+33 9 72 65 58 75

2.5 Facsimile number
+33 9 72 65 58 77

2.6 Other telecommunication
None.

2.7 Electronic mail address
Please send incident reports to csirt(at)iicrai.org.

Non-incident related mail should be addressed to contact(at)iicrai.org.

2.8 Public keys and encryption information
PGP key for csirt(at)iicrai.org
Key ID: 7BFF 3F47 0CBA 01B2

Fingerprint: 50FC EBC5 5956 B8E4 3553 248C 7BFF 3F47 0CBA 01B2

2.9 Team members
The team leader of CSIRT IICRAI is Marc-Frederic Gomez. Other team members are not listed publicly.

2.10 Other information

2.11 Points of customer contact

The preferred method for contacting CSIRT IICRAI is via e-mail. For incident reports and related issues please use report(at)iicrai.org. This will create a ticket in our tracking system and alert the human on duty. For general inquiries please send e-mail to contact(at)iicrai.org.

CSIRT IICRAI operates 24 hours a day, 7 days a week (CET/CEST).

3. Charter
3.1 Mission statement
The purpose of CSIRT IICRAI is to coordinate security efforts and incident response for IT-security problems, for members of the IICRAI association only.

3.2 Constituency
The constituency of CSIRT IICRAI is the response team of the Institut International de la Coopération sur les Risques liés aux attaques informatiques, an association under the French law of 1901 (non-profit organization).

Note that usually no direct support will be given to end users; they are expected to contact their CSIRT, CISO or ISP, system administrator, network administrator, or department head for assistance. CSIRT IICRAI will support the latter.

3.3 Sponsorship and/or affiliation
CSIRT IICRAI is an initiative of IICRAI, a non-profit organization.

Funding is provided by the board and members' donations.

3.4 Authority
The main purpose of CSIRT IICRAI in incident handling is the coordination of incident response. As such, we can only advise our constituency and have no authority to demand certain actions.

4. Policies
4.1 Types of incidents and level of support
CSIRT IICRAI is authorised to address all types of computer security incidents which occur, or threaten to occur, in our constituency (see 3.2) and which require cross-organisational coordination, for members of the IICRAI organization only.

The level of support given by CSIRT IICRAI will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and our resources at the time.

Special attention will be given to issues affecting critical infrastructure.

CSIRT IICRAI is committed to keeping its constituency informed of potential vulnerabilities, and, where possible, will inform this community of such vulnerabilities before they are actively exploited.

4.2 Co-operation, interaction and disclosure of information
CSIRT IICRAI will cooperate with other organisations in the field of computer security. This cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities.

Nevertheless, CSIRT IICRAI will protect the privacy of reporters, partners and our constituents, and therefore (under normal circumstances) will pass on information only in an anonymised way unless other contractual agreements apply.

CSIRT IICRAI operates under the restrictions imposed by French law. This involves careful handling of personal data as required by French Data Protection law, but it is also possible that – according to French law – CSIRT IICRAI may be forced to disclose information due to a court order.

CSIRT IICRAI treats all submitted information as confidential by default, and will only forward it to concerned parties in order to resolve specific incidents when consent is implicit or expressly given.

4.3 Communication and authentication
For normal communication not containing sensitive information CSIRT IICRAI might use conventional methods like unencrypted e-mail or fax. For secure communication PGP-encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, ) or by other methods like call-back, mail-back or even face-to-face meeting if necessary.

5. Services
5.1 Incident response
CSIRT IICRAI will assist IT-security teams in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1.1. Incident triage
determining whether an incident is authentic
assessing and prioritizing the incident

5.1.2. Incident coordination
determine the involved organizations
contact the involved organizations to investigate the incident and take the appropriate steps
facilitate contact to other parties which can help resolve the incident
send reports to other CERTs/CSIRT with authorization of members

We mainly see ourselves as an information hub which knows where to send the right incident reports in order to help and facilitate the clean-up of IT security incidents.

CSIRT IICRAI will always strive to react to incoming incident reports from humans within two business days. Due to current staffing levels this cannot be guaranteed, though. If you haven’t received feedback to an incident report after four business days, we ask that you contact us again. Auto-generated reports and data-feeds will be handled as automatically as possible.

5.1.3. Incident resolution
advise members' local security teams on appropriate actions
follow up on the progress of the concerned local security teams
ask for reports
report back

5.2 Proactive activities
CSIRT IICRAI tries to:
raise security awareness in its constituency
collect contact information of members' local security teams
publish announcements concerning serious security threats
observe current trends in technology
distribute relevant knowledge to the constituency
provide fora for community building and information exchange within the constituency

6. Incident reporting forms
There are no local forms available.

7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, CSIRT IICRAI assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.