RFC2350 CSIRT-KNAW

(Computer Security Incident Response Team for the Royal Netherlands Academy of Arts and Sciences)

1 Document Information

1.1 Date of last update

This is version 1.0, 6 June 2021

1.2 Distribution list for notifications

The current version of this document can be found here. This document will not actively be distributed.

1.3 Locations where this document may be found

The current version of this document can be found here.

2 Contact Information

2.1 Name of the team

The name of the team is CSIRT-KNAW.

2.2 Address

CSIRT-KNAW
P.O. Box 19121
1000 GC Amsterdam
The Netherlands

2.3 Time Zone

GMT+1; GMT+2 with DST according to EC rules.

2.4 Telephone number

+31 88 003 4600 (within the Netherlands 088 003 4600)

2.5 Facsimile number

Not available

2.6 Other telecommunication

Not available

2.7 Electronic mail address

2.8 Public keys and encryption information

Not yet available

2.9 Team members

The CSIRT-KNAW team members are recruited from the IT professionals within the KNAW.

2.10 Other information

Not available

2.11 Points of customer contact

Normal cases: CSIRT@knaw.nl or +31 88 003 4600, Business hours (8.30 a.m. – 5.30 p.m., Monday-Friday excluding public holidays), response within 24 hours.
Emergency: Call +31 6 1293 3184 and send an e-mail stating detailed information to CSIRT@knaw.nl.
Start the subject field with "EMERGENCY". Emergency incidents (at the discretion of the CSIRT) receive immediate attention during business hours. Outside business hours emergency calls are treated with "best effort", depending on the availability of members of the CSIRT.

3 Charter

3.1 Mission statement

The mission of the CSIRT-KNAW is to coordinate the resolution of information security incidents related to the KNAW and to help prevent and detect such incidents.
All information security incidents related to the KNAW can be reported to CSIRT-KNAW.

3.2 Constituency

KNAW (Royal Netherlands Academy of Arts and Sciences), including all its institutes, its employees and other users of its ICT infrastructure.

Internet domains: knaw.nl, fryske-akademy.nl, herseninstituut.nl, nin.nl, hubrecht.eu, iisg.nl, iisg.amsterdam, socialhistory.org, kitlv.nl, nidi.nl, niod.nl, rathenau.nl, spinozacentre.nl

3.3 Sponsorship and/or affiliation

CSIRT-KNAW is part of the KNAW operations.

3.4 Authority

CSIRT-KNAW registers information security incidents and coordinates the resolution of all incidents related to the KNAW. CSIRT-KNAW may offer advice on the resolution of the incidents and how to prevent those incidents in the future. The implementation of those recommendations is not within the authority and therefore not a responsibility of the CSIRT team.

4 Policies

4.1 Types of incidents and level of support

Normal cases: Business hours (8.30 a.m. – 5.30 p.m., Monday-Friday excluding public holidays), response within 24 hours.
Emergency cases: At the discretion of the CSIRT, these receive immediate attention during business hours. Outside business hours, emergency calls are treated on a "best effort" basis, depending on the availability of members of the CSIRT.

4.2 Cooperation, interaction and disclosure of information

All incoming information is handled confidentially.
Highly confidential information is communicated with encryption.
All information is shared based on "need to know".
All members of the CSIRT are bound by a signed "non-disclosure agreement".
Information regarding incidents that may have legal consequences is shared with the legal advisor of the KNAW. The board of directors will decide if (and how) information should be shared with Dutch law enforcement agencies.

4.3 Communication and authentication

PGP for signing and encryption of e-mail messages is not yet implemented.

5 Services

5.1 Prevention

CSIRT-KNAW offers advice on information security related matters regarding the constituency. The implementation of these recommendations is at the discretion of the management in question. The CSIRT site will support end-users with "best practices" for information security.

5.2 Detection

Detection will probably be triggered mostly by incidents reported to the CSIRT. The CSIRT can use information from the intrusion detection and logging systems used and managed by the corporate IT support organisation.

5.3 Resolution

The CSIRT will coordinate and trace the resolution of information security incidents. The CSIRT may offer advice on the resolution and prevention of incidents. Implementation and resolution of incidents fall under the authority of the management in question.

5.4 Post processing

The CSIRT will track the resolution of incidents and will register incidents in its incident registration system for analysis and reporting purposes.

6 Incident reporting forms

None available

7 Disclaimers
