1. Document Information

This document complies with RFC 2350.

1.1. Date of Last Update

This is version 1.0 as of August 12, 2015.

1.2. Distribution List for Notifications

This profile is kept up-to-date in the location specified in section 1.3.
E-mail notification of updates are sent to UU-CSIRT management and investigators.
Please send any questions about updates to the UU-CSIRT team e-mail address: csirt@uu.se.

1.3. Locations where this Document May Be Found

The current version of this profile is available at https://mp.uu.se/web/info/stod/sakerhet/it-sakerhet/RFC2350

2. Contact Information

1. Name of the Team

Full name: Uppsala University Computer Security Incident Response Team.
Short name: UU-CSIRT

2.2. Addresses

2.2.1 Mail address

Uppsala universitet CSIRT
Säkerhetsavdelningen
Box 256
S-751 05 Uppsala
Sweden

2.2.2 Visiting address

Uppsala universitet CSIRT
Säkerhetsavdelningen
Dag Hammarskjölds väg 7
Uppsala
Sweden

2.3. Time Zone

GMT+1 (GMT+2 in Summer Time)

2.4. Telephone Number

UU-CSIRT regular telephone number: +46 18 471 7560
UU-CSIRT emergency telephone number: +46 18 471 2500

2.5. Facsimile Number

N/A

2.6. Other Telecommunication

N/A

2.7. Electronic Mail Address

Please send incident reports that relate to Uppsala University, including copyright issues, spam and abuse to abuse@uu.se.
Non-incident related mail should be addressed to csirt@uu.se.

2.8. Public Keys and Encryption Information

Please encrypt any sensitive e-mail with the UU-CSIRT PGP key with
PGP fingerprint AAB0 C8FD 20A5 6323 5C7D FFAC 70DC 47BE 56D6 4E0C
and send it to csirt@uu.se.

Please sign messages using a key that is verifiable using the public keyserver

2.9. Team Members

No public information is provided about UU-CSIRT team members.

2.10. Other Information

Further information about the UU-CSIRT can be found at https://mp.uu.se/web/info/stod/sakerhet/it-sakerhet.

2.11. Points of Customer Contact

The preferred method for contacting UU-CSIRT is e-mail.

• For general inquiries, please send e-mail to: csirt@uu.se
• For abuse or security issues, please use abuse@uu.se
• For network, server, or service issues, please use csirt@uu.se
• In an emergency, contact UU-CSIRT on +46 18 471 75 60

UU-CSIRT 's hours of operation are generally restricted to regular business hours, or 08:00 to 17:00 Monday to Friday except public holidays.

3. Charter

3.1. Mission Statement

The UU-CSIRT’s mission is to prevent, detect and resolve IT security incidents related to Uppsala University. For the world, UU-CSIRT is the Uppsala University interface with regards to IT security incidents response. All IT security incidents (including abuse) related to Uppsala University can be reported to UU-CSIRT.

3.2. Constituency

Uppsala University with all its organisations, employees and networks.

3.3. Sponsoring Organisation / Affiliation

UU-CSIRT operates with the authority delegated by Uppsala University CSO.

3.4. Authority

UU-CSIRT operates under the supervision of the Uppsala University management. UU-CSIRT coordinates security incidents on behalf of Uppsala University. UU-CSIRT is expected to make operational recommendations or take operational actions in the course of its work in the interest of the IT Security at Uppsala University.

4. Policies

4.1. Types of Incidents and Level of Support

All incidents are considered normal priority.

4.2. Co-operation, Interaction, and Disclosure of Information

All incoming information is handled confidentially by UU-CSIRT and in accordance with Swedish Law.
When reporting an incident of sensitive nature, please state so explicitly by using an appropriate label in the Subject field (for example, SENSITIVE, EMERGENCY, etc.) and if possible, use encryption as well.

UU-CSIRT supports the Information Sharing Traffic Light Protocol (ISTLP; see https://www.trusted-introducer.org/ISTLPv11.pdf); information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.

4.3. Communication and Authentication

See section 2.8; usage of PGP in all cases where sensitive information is involved is highly recommended.

5. Services

5.1. Incident Response (Triage, Coordination, and Resolution)

UU-CSIRT can assist system administrators in handling the technical and organisational aspects of computer security incidents.

6. Incident Reporting Forms

Not available; please report using e-mail. When reporting an incident of sensitive nature use encrypted e-mail.

7. Disclaimers

None.