CERT

Established according to RFC-2350.
 
1. Document Information
This document describes the profile (contact information, services, etc.) of Deltion-CERT, the "Computer Emergency Response Team of the Deltion College". The structure of this document is based on RFC 2350.
 
1.1. Date of Last Update
This is the final version 1.1 of 29-10-2019. 
1.2. Distribution List for Notifications
This profile is kept up-to-date on the location specified in 1.3 .
E-mail notification of updates are sent to: Any questions about updates please address to the Deltion-CERT e-mail address.
 
1.3. Locations where this Document May Be Found
The current version of this profile is always available on http://www.deltion.nl/cert.
 
 
2. Contact Information
 
2.1. Name of the Team
Deltion-CERT is the CERT or CSIRT/SCIRT team for the Deltion College in The Netherlands .
 
2.2. Address
Deltion College
Deltion-CERT
Internal:
Kamer Bordeaux 1.001
Mozartlaan 15
8031 AA  Zwolle
External:
Postbus 565
8000 AN  Zwolle
The Netherlands
 
2.3. Time Zone
GMT+1 (GMT+2 with DST or Summer Time, which starts on the last Sunday in March and ends on the last Sunday in October)
 
2.4. Telephone Number
+31 38 8534100      
 
2.5. Facsimile Number
+31 38 8503001 
Note: this is not a secure fax, please specify if it’s urgent.
 
2.6. Other Telecommunication
Not available.
 
2.7. Electronic Mail Address
[email protected]
This address can be used to report all security incidents to which relate to the Deltion-CERT constituency, including copyright issues, spam and abuse.
 
2.9. Team Members
No information is provided about the Deltion-CERT team members in public.
 
2.10. Other Information
  • See the Deltion-CERT webpages http://www.deltion.nl/cert . Deltion-CERT is registered by SURFcert.
 
2.11. Points of Customer Contact
Regular cases: use Deltion-CERT e-mail address.
Regular response hours: Monday-Sunday, 08:00-22:00.
EMERGENCY cases: send e-mail with EMERGENCY in the subject line.
 
3. Charter
 
3.1. Mission Statement
The mission of Deltion-CERT is resolve IT security incidents related to their constituency (see 3.2), and to help prevent such incidents from occurring.
 
3.2. Constituency
The constituency for Deltion-CERT is the Deltion College in the Netherlands, their employees and students.
Deltion-CERT offers full service for the following domains:
deltion.nl    
deltionplein.nl       
deltionrallysport.nl                              
deltionrondevanholtenbroek.nl                            
eduapps.nl
mijndeltion.eu       
mijndeltion.nl                                    
mydeltion.eu                                    
mydeltion.nl                                     
sciencexperience.eu                                  
stichtingdeltioncollege.nl                                     
werkenbijdeltion.nl                                     
wikideltion.nl
 
IP-range: 195.169.9.0/24
IP-range: 195.169.15.0/24
IPv6 range: 2001:0610:0478::/48
 
3.3. Sponsorship and/or Affiliation
Deltion-CERT is part of the Deltion College.
 
3.4. Authority
The team resolves security incidents on behalf of their constituency. In order to achieve this, the team can block or filter addresses or networks.
 
4. Policies
 
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled EMERGENCY. Deltion-CERT itself is the authority that can set and reset the EMERGENCY label. An incident can be reported to Deltion-CERT as EMERGENCY, but it is up to Deltion-CERT to decide whether or not to uphold that status.
 
 
4.2. Co-operation, Interaction and Disclosure of Information
ALL incoming information is handled confidentially by Deltion-CERT, regardless of its priority.
 
Information that is evidently sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies. When reporting an incident of sensitive nature, please state so explicitly, e.g. by using the label SENSITIVE in the subject field of e-mail, and if possible using encryption as well.
 
Deltion-CERT supports the Information Sharing Traffic Light Protocol (ISTLP – see https://www.trusted-introducer.org/ISTLPv11.pdf) - information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.
 
Deltion-CERT will use the information you provide to help solve security incidents, as all CERTs do. This means  that by default the information will be distributed further to the appropriate parties – but only on a need-to-know base, and preferably in an anonymized fashion.
 
If you object to this default behavior of Deltion-CERT, please make explicit what Deltion-CERT can do with the information you provide. Deltion-CERT will adhere to your policy, but will also point out to you if that means that Deltion-CERT cannot act on the information provided.
 
Deltion-CERT does not report incidents to law enforcement, unless national law requires so. Likewise, Deltion-CERT  only cooperates with law enforcement EITHER in the course of an official investigation – meaning that a court order is present – OR in the case where a constituent requests that Deltion-CERT cooperates in an investigation. When a court order is absent, Deltion-CERT will only provide information on a need-to-know base.
 
4.3. Communication and Authentication
In cases where there is doubt about the authenticity of information or its source, Deltion-CERT reserves the right to authenticate this by any (legal) means.
 
 
5. Services
 
5.1. Incident Response (Triage, Coordination and Resolution)
Deltion-CERT is responsible for the resolution of security incidents somehow involving their constituency (as defined in 3.2). Deltion-CERT therefore handles both the triage and coordination aspects. Incident resolution is shared with the responsible administrators within the constituency – and Deltion-CERT will offer support and advice on request.
 
5.2. Proactive Activities
Deltion-CERT pro-actively advises their constituency in regard to recent vulnerabilities and trends in hacking/cracking.
Deltion-CERT advises the Deltion College on matters of computer and network security. It can do so pro-actively in urgent cases, or on request.
Both roles are roles of consultancy: Deltion-CERT is not responsible for implementation.
 
6. Incident reporting Forms
Not available. Preferably report in plain text using e-mail - or use the phone.
 
7. Disclaimers
None.