UiO-CERT RFC2350

1. Document Information

1.1 Date of Last Update

February 4, 2024

Version 1.0

1.2 Distribution List for Notifications

This profile is kept up to date at the location specified in section 1.3.
E-mail notifications of updates are sent to the Trusted Introducer for CERTs in Europe (see https://www.trusted-introducer.org/).

1.3 Locations Where This Document May Be Found

The current version of this document:

https://www.uio.no/english/services/it/security/cert/rfc2350.html

2 Contact Information

2.1 Name of the Team

UiO-CERT, The University of Oslo, Norway

2.2 Postal Address

https://www.uio.no/english/services/it/security/cert/contact/index.html

USIT/UiO-CERT
PB 1059 Blindern
0316 Oslo
Norway

2.3 Time Zone

UiO-CERT is located in Oslo, Norway. The time zone is nominally CET (UTC+1), and CEST (UTC+2) during daylight saving time.

2.4 Telephone number

+47 22 84 09 11

2.5 Facsimile number

Not applicable.

2.6 Other telecommunication

Not applicable.

2.7 Electronic mail address

Main e-mail address is cert@uio.no

2.8 Public keys and encryption information

UiO-CERT PGP key: https://www.uio.no/english/services/it/security/cert/cert@uio.no.pub.gpg.asc

2.9 Team members

No public information is provided about UiO-CERT members.

2.10 Other information

For additional information about how to contact UiO-CERT:
https://www.uio.no/english/services/it/security/cert/contact/index.html

UiO-CERT is a member of FIRST:

https://www.first.org/members/teams/uio-cert

UiO-CERT is a TF-CSIRT member, accredited by Trusted Introducer:
https://www.trusted-introducer.org/directory/teams/uio-cert.html

3 Points of Customer Contact

E-mail is the preferred method for contacting UiO-CERT.

  • E-mail address: cert@uio.no

  • Telephone during business hours (08:00–17:00 CET/CEST Monday–Friday): +47 22 84 00 04

  • Telephone for time-critical emergencies outside business hours: +47 22 84 09 11

4 Charter

4.1 Mission Statement

  • UiO-CERT handles IT-related security incidents, such as viruses, break-ins and vulnerabilities, for the constituency.
  • UiO-CERT enforces the AUP (acceptable use policy) and the rules and procedures in the IT security handbook (in Norwegian).
  • UiO-CERT provides services to the University of Oslo, our partners, and other CSIRTs. The list of services is revised and updated regularly, and can be found below.
  • UiO-CERT is the hub of information on security-related issues.

4.2 Constituency

Generally, the constituency is the University of Oslo and cooperating partners/groups, which is at least uio.no (AS 224).

4.3 Sponsorship and/or Affiliation

UiO-CERT is a part of the IT department at the University of Oslo.

4.4 Authority

UiO-CERT has the authority to take relevant countermeasures to prevent and handle incidents in our constituency.

5 Policies

5.1 Types of Incidents and Level of Support

UiO-CERT will assess incidents based on severity and impact on the constituency.

5.2 Co-operation, Interaction and Disclosure of Information

Classification

Sensitive information encompasses sensitive personal data, as defined by relevant privacy legislation, and business confidential information. All information related to security incidents is considered sensitive, unless all concerned parties specifically state otherwise.
Non-sensitive information consists of publicly available (open) information.

Information handling

Sensitive information is stored and communicated securely. Sensitive information brought to the team’s knowledge may be distributed amongst the UiO-CERT team members. Members of UiO-CERT are subject to explicit non-disclosure agreements regarding all sensitive information.

Information disclosure

In order to investigate and resolve security incidents, incident-related information may be released to appropriate parties on a strictly need-to-know basis, and preferably anonymized. Non-sensitive information may be distributed to the general public on a need-to-know basis.

Legal considerations

UiO-CERT will in general cooperate with law enforcement authorities during investigation of possible criminal activity relevant to our constituency, providing, for example, event and system logs. Sensitive information can be handed over to relevant authorities following a court order.

Traffic Light Protocol (TLP)

UiO-CERT supports the Traffic Light Protocol v2.0, and all labelled information will be handled in accordance with https://www.first.org/tlp.

5.3 Communication and Authentication

See 2.8 above.

UiO-CERT uses PGP/GPG to ensure the confidentiality and integrity of sensitive information. Normally, all information provided by UiO-CERT is digitally signed with the team key, and sensitive information is encrypted. It is highly recommended to use PGP/GPG in all cases where sensitive information is involved. Norwegian authorities do not enforce restrictions on key sizes or the use of cryptography, and there are no key escrow requirements.

6 Services

6.1 Incident Response

6.1.1 Incident Triage

  • Investigating whether an incident has indeed occurred.

  • Determining the extent of the incident.

6.1.2 Incident Coordination

  • Correlate indicators from detection vectors with other central or customer-specific information sources.

  • Contact other members of the constituency that may be involved in the incident or exposed to the particular threat.

  • Compose announcements to end users, if applicable.

  • Share information with other CSIRTs, if applicable.

  • Contribute to determining the initial cause of the incident.

6.1.3 Incident Resolution

For internal incidents, the following relevant steps are taken:

  • Remove the vulnerability.
  • Secure the system from the effects of the incident.

  • Collect evidence after the fact, if applicable.

  • Take appropriate countermeasures to protect against recurring incidents.

  • Wrap-up, lessons learned.

6.2 Proactive Activities

  • Sending out announcements and vulnerability bulletins
  • Technology watch
  • Vulnerability watch
  • Log parsing, detection and analysis
  • Other security-related matters, independent of product and platform
  • Training, internally and for cooperating partners

7 Disclaimers

None.

Published Feb. 4, 2024 9:52 PM - Last modified Feb. 4, 2024 9:59 PM