1. DOCUMENT INFORMATION
This document complies with RFC 2350.
1.1. Date of Last Update
This is version 1.0 as of April 11, 2017.
1.2. Distribution List for Notifications
This profile is kept up-to-date in the location specified in section 1.3. E-mail notification of updates are sent to UmU IRT management and investigators.
Please send any questions about updates to the UmU IRT team e-mail address: email@example.com.
1.3. Locations where this Document May Be Found
The current version of this profile is available at
2. CONTACT INFORMATION
2.1. Name of the Team
Full name: Umeå University Incident Response Team.
Short name: UmU IRT
2.2.1 Mail address
IT-stöd och systemutveckling (ITS)
S-901 87 UMEÅ, Sweden
2.2.2 Visiting address
IT-stöd och systemutveckling (ITS)
2.3. Time Zone
Central European Time, CET, UTC+1
Central European Summer Time, CEST, UTC+2 in summer time (last Sunday of March to last Sunday of October)
2.4. Telephone Number
SUNET CERT telephone number: +46 90 786 77 67
2.5. Facsimile Number
SUNET CERT facsimile number: +46 90 786 67 62
2.6. Other Telecommunication
2.7. Electronic Mail Address
Please send incident reports that relate to Umeå University, including copyright issues, spam and abuse to firstname.lastname@example.org. Non-incident related mail should be addressed to email@example.com.
2.8. Public Keys and Encryption Information
Please encrypt any sensitive e-mail with the UmU IRT PGP key with:
PGP keyid 0x6CCBB03C and
PGP fingerprint 793A 2CF5 32F4 DDB2 092F BDEA 703A 9036 6CCB B03C
and send it to firstname.lastname@example.org.
Please sign messages using a key that is verifiable using the public keyservers.
Because all UmU IRT investigators can read mail encrypted with the email@example.com key, individuals can use it if they cannot find a key for a specific UmU IRT team member.
2.9. Team Members
No public information is provided about UmU IRT team members.
2.10. Other Information
Further information about the UmU IRT can be found at https://www.aurora.umu.se/regler-och-riktlinjer/sakerhet/it-sakerhet/
UmU IRT is listed by the Trusted Introducer (TI) for CSIRTs in Europe and has been registred as "TI Listed CSIRT" since 20 June 2017; see https://www.trusted-introducer.org/directory/teams/umu-irt.html for details.
2.11. Points of Customer Contact
The preferred method for contacting UmU IRT is e-mail.
For general inquiries, please send e-mail to: firstname.lastname@example.org.
For abuse or security issues, please use email@example.com.
In an emergency, contact UmU IRT on +46 90 786 77 67
UmU IRT's hours of operation are generally restricted to regular business hours, or 08:00 to 16:30 Monday to Friday except public holidays.
3.1. Mission Statement
The UmU IRT's mission is to prevent, detect and resolve IT security incidents related to Umeå University.
For the world, UmU IRT is the Umeå University interface with regards to IT security incidents response.
All IT security incidents (including abuse) related to Umeå University can be reported to UmU IRT.
Umeå University with all its organizations, employees and networks. UmU IRT corresponding AS-numbers are:
3.3. Sponsoring Organisation / Affiliation
UmU IRT operates with the authority delegated by the Umeå University CSO.
UmU IRT operates under the supervision of the Umeå University management.
UmU IRT coordinates security incidents on behalf of Umeå University.
UmU IRT is expected to make operational recommendations or take operational actions in the course of its work in the interest of the IT Security at Umeå University.
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority.
4.2. Co-operation, Interaction, and Disclosure of Information
All incoming information is handled confidentially by UmU IRT and in accordance with Swedish Law.
When reporting an incident of sensitive nature, please state so explicitly by using an appropriate label in the Subject field (for example, SENSITIVE, EMERGENCY, etc.) and if possible, use encryption as well.
UmU IRT supports the Information Sharing Traffic Light Protocol (ISTLP; see https://www.trusted-introducer.org/ISTLPv11.pdf); information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.
4.3. Communication and Authentication
See section 2.8; usage of PGP in all cases where sensitive information is involved is highly recommended.
5.1. Incident Response (Triage, Coordination, and Resolution)
UmU IRT can assist system administrators in handling the technical and organizational aspects of computer security incidents.
6. INCIDENT REPORTING FORMS
Not available; please report using e-mail. When reporting an incident of sensitive nature use encrypted e-mail.