Cybersecurity - CSiRT

CSiRT.UAlg is the computer and network security incident response team at UAlg.

Mission

The CSiRT.UAlg team's mission is to promote a culture of computer security in the UAlg academic community through awareness raising, advice, and responding to and acting upon computer security incidents detected internally at UAlg or reported by other computer security incident response teams belonging to academic and national networks.

Services

  • Treatment (identification, containment and resolution) of computer security incidents reported by the UAlg academic community
  • Treatment of and response to computer security incidents reported by other CSIRT teams
  • Training and awareness raising on global cybersecurity problems and the associated risks for all academic community members
  • Cooperation with the University IT Services, and specifically with the SOC (Security Operation Center) team, on best practices and on policy creation and definition

RFC Norm - 2350

This document describes the Algarve University security incident response service, based on RFC 2350.

1.1 Date of last update

Version 0.1 published on 2021/07/01

1.2 Distribution lists

There are no distribution channels for notifying changes to this document.

1.3 Location of Document

The current version of this document is available at https://www.ualg.pt/en/cybersecurity-csirt

1.4 Document Authenticity

The PGP-signed ASCII version of this document is available at https://www.ualg.pt/en/cybersecurity-csirt

The CSiRT.UALG PGP public key used to sign this document is given in item 2.8.

2.1 Name of CSIRT

CSiRT.UALG - Computer Security Incident Response Team of Algarve University

2.2 Address

CSIRT.UALG

Universidade do Algarve

Campus da Penha, 8005-139 Faro

Portugal

2.3 Time Zone

Portugal/WEST (GMT+0, GMT+1 Summer time)

2.4 Telephone

+351 289 244 450 (schedule: 09:00 - 18:00).

2.6 Other telecommunication

None.

2.7 Electronic mail address

csirt@ualg.pt (Email address for cybersecurity incident reports and other matters related to CSiRT.UALG.)

2.8 Public keys and encryption

User ID: CSIRT UALG <csirt@ualg.pt>

Key ID: 0x8DF82FC1 Key type: RSA

Key size: 4096 Expires: 2024-06-29

Fingerprint: 46B0 1678 F83B 2204 4C5B 7A9D 5902 5A49 8DF8 2FC1

Available at https://www.ualg.pt/sites/default/files/documentos/2021-06/pgp-csirt-ualg-pub.txt

2.9 Team members

Coordinator: Júlio Fernandes

Members: Maria José Nobre, Joel Guerreiro, Luís Rodrigues

2.10 Additional contact info

More information about CSiRT.UALG can be found at https://www.ualg.pt/en/cybersecurity-csirt

2.11 Contact information for users

CSiRT.UALG's contact information is available as stated in items 2.4 and 2.6

Telephone +351 289 244 450

3.1 Mission Statement

The CSiRT.UAlg team's mission is to promote a culture of computer security in the UAlg academic community through awareness raising, advice, and responding to and acting upon computer security incidents detected internally at UAlg or reported by other computer security incident response teams belonging to academic and national networks.

3.2 Constituency

CSiRT.UALG responds to computer security incidents within the scope of the Algarve University academic community.

The domain names and IP address classes within the scope of action of CSiRT.UALG are:

Domain Names:

ualg.pt

Address Classes:

IPV4

193.136.224.0/24

193.136.225.0/24

193.136.226.0/24

193.136.227.0/24

193.136.228.0/24

194.210.248.0/21

IPV6

2001:690:2050::/48

3.3 Sponsoring

CSiRT.UALG is sponsored by the Algarve University's Rector Office, by official appointment in a rector communication.

3.4 Authority

CSiRT.UALG was appointed by the Algarve University's Rector Office, by rector communication, with the following defined competences:

  • Proactively respond to cybersecurity incidents
  • Interact accordingly with other national cybersecurity bodies
  • Promote the participation of CSiRT.UALG in national CSIRT and CERT networks
  • Contribute to making and maintaining UALG IT security policies

4.1 Types of Incidents and Level of Support

CSiRT.UALG addresses computer security incidents, namely intrusion or attempted intrusion, malicious code, service availability, information theft, data security, fraud, abusive content, social engineering, vulnerabilities, etc.

4.2 Cooperation, Interaction and Disclosure of Information

CSiRT.UALG's data protection and privacy policy provides that sensitive data may only be passed on to third parties in a need-to-know situation, with prior consent from the data subjects or the entity to whom that information belongs.

4.3 Communication and Authentication

For the transmission of non-sensitive information, the use of telephone and email, from among CSiRT.UALG's available means of communication, is considered sufficient. For the transmission of sensitive data, the use of PGP encryption is mandatory.

5.1 Incident Response

CSiRT.UALG foresees supporting system administrators in the technical and organizational aspects of managing incidents. Advice and assistance can be provided for the following aspects of incident management:

5.1.1 Incident Triage

  • Determining whether an incident is real and authentic
  • Evaluating the extent of the incident's impact

5.1.2 Incident Coordination

  • Determine the initial cause of the incident, namely the exploited vulnerability
  • Identify and contact the organizations involved in order to investigate the incident and take adequate measures
  • Facilitate communication with third parties that can help resolve the incident
  • Send reports to other CERTs

5.1.3 Incident Resolution

  • Support and advise local system and network administration teams on adequate actions to take in order to contain the incident
  • Follow up on the progress of system and network administration teams on security recovery after incident resolution
  • Collect incident evidence during and after its containment and resolution
  • Request reports on incident resolution from system and network administration teams
  • Respond to third-party entities' requests on incident resolution
  • CSiRT.UALG will also collect statistical information within the context of its constituency.

5.2 Proactive Activities

CSiRT.UALG coordinates and maintains the following services, limited to and within its available resources:

  • Raising the academic community's awareness of the global computer security problem through awareness seminars and training available to the whole academic community
  • Advising through the communication of alerts, recommendations and computer security awareness, thereby contributing to the implementation and promotion of best practices and policies in computer security
  • Monitoring infrastructure, applications and systems for computer security vulnerabilities, evaluating impact and proposing corrections and/or necessary changes to minimize the risk of data exposure and information systems compromise
  • Performing, case by case and on request, computer security audits intended to identify vulnerabilities and the associated exploitation risks that affect system sectors and sub-sectors of UALG
  • Helping and contributing to the definition, implementation and guaranteed execution of technical standards and procedures in the computer security context
  • Actively collaborating with other internal and external entities, in the computer security context, by participating in activities, projects and task forces in the national and international domain that promote innovation and novel services for the community

There are no available forms at the moment for this report.

Although all precautions have been taken in the preparation of the information posted on the internet portal, CSiRT.UALG is not liable for errors or omissions, or any damage resulting from the use of this information.

Documents

pgp-CSIRT-UALG-PUB
Contacts

Campus da Penha, 8005-139 Faro
Telephone: +351 289 244 450 / 244450 (internal)
Email: csirt@ualg.pt

Schedule

Monday to Friday, from 9:00 to 12:30 and from 14:00 to 17:30