1. Document Information
This document describes the profile (contact information, services, etc.) of Deltion-CERT, the "Computer Emergency Response Team of the Deltion College". The structure of this document is based on RFC 2350.
1.1. Date of Last Update
This is the final version 1.1 of 29-10-2019.
1.2. Distribution List for Notifications
This profile is kept up-to-date on the location specified in 1.3 .
E-mail notification of updates are sent to:
Any questions about updates please address to the Deltion-CERT e-mail address.
1.3. Locations where this Document May Be Found
The current version of this profile is always available on http://www.deltion.nl/cert.
2. Contact Information
2.1. Name of the Team Deltion-CERT is the CERT or CSIRT/SCIRT team for the Deltion College in The Netherlands .
2.2. Address Deltion College Deltion-CERT
Internal: Kamer Bordeaux 1.001 Mozartlaan 15 8031 AA Zwolle
External: Postbus 565 8000 AN Zwolle The Netherlands
2.3. Time Zone
GMT+1 (GMT+2 with DST or Summer Time, which starts on the last Sunday in March and ends on the last Sunday in October)
2.4. Telephone Number +31 38 8534100
2.5. Facsimile Number +31 38 8503001
Note: this is not a secure fax, please specify if it’s urgent.
2.6. Other Telecommunication
2.7. Electronic Mail Address firstname.lastname@example.org
This address can be used to report all security incidents to which relate to the Deltion-CERT constituency, including copyright issues, spam and abuse.
2.9. Team Members
No information is provided about the Deltion-CERT team members in public.
2.10. Other Information
See the Deltion-CERT webpages http://www.deltion.nl/cert.Deltion-CERT is registered by SURFcert.
2.11. Points of Customer Contact
Regular cases: use Deltion-CERT e-mail address.
Regular response hours: Monday-Sunday, 08:00-22:00.
EMERGENCY cases: send e-mail with EMERGENCY in the subject line.
3.1. Mission Statement
The mission of Deltion-CERT is resolve IT security incidents related to their constituency (see 3.2), and to help prevent such incidents from occurring.
The constituency for Deltion-CERT is the Deltion College in the Netherlands, their employees and students. Deltion-CERT offers full service for the following domains:
3.3. Sponsorship and/or Affiliation Deltion-CERT is part of the Deltion College.
3.4. Authority The team resolves security incidents on behalf of their constituency. In order to achieve this, the team can block or filter addresses or networks.
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled EMERGENCY. Deltion-CERT itself is the authority that can set and reset the EMERGENCY label. An incident can be reported to Deltion-CERT as EMERGENCY, but it is up to Deltion-CERT to decide whether or not to uphold that status.
4.2. Co-operation, Interaction and Disclosure of Information
ALL incoming information is handled confidentially by Deltion-CERT, regardless of its priority.
Information that is evidently sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies. When reporting an incident of sensitive nature, please state so explicitly, e.g. by using the label SENSITIVE in the subject field of e-mail, and if possible using encryption as well.
Deltion-CERT will use the information you provide to help solve security incidents, as all CERTs do. This means that by default the information will be distributed further to the appropriate parties – but only on a need-to-know base, and preferably in an anonymized fashion.
If you object to this default behavior of Deltion-CERT, please make explicit what Deltion-CERT can do with the information you provide. Deltion-CERT will adhere to your policy, but will also point out to you if that means that Deltion-CERT cannot act on the information provided.
Deltion-CERT does not report incidents to law enforcement, unless national law requires so. Likewise, Deltion-CERT only cooperates with law enforcement EITHER in the course of an official investigation – meaning that a court order is present – OR in the case where a constituent requests that Deltion-CERT cooperates in an investigation. When a court order is absent, Deltion-CERT will only provide information on a need-to-know base.
4.3. Communication and Authentication
In cases where there is doubt about the authenticity of information or its source, Deltion-CERT reserves the right to authenticate this by any (legal) means.
5.1. Incident Response (Triage, Coordination and Resolution) Deltion-CERT is responsible for the resolution of security incidents somehow involving their constituency (as defined in 3.2). Deltion-CERT therefore handles both the triage and coordination aspects. Incident resolution is shared with the responsible administrators within the constituency – and Deltion-CERT will offer support and advice on request.
5.2. Proactive Activities Deltion-CERT pro-actively advises their constituency in regard to recent vulnerabilities and trends in hacking/cracking. Deltion-CERT advises the Deltion College on matters of computer and network security. It can do so pro-actively in urgent cases, or on request.
Both roles are roles of consultancy: Deltion-CERT is not responsible for implementation.
6. Incident reporting Forms
Not available. Preferably report in plain text using e-mail - or use the phone.