RFC2350 for OxCERT

RFC 2350 (BCP 21) 
Description of University of Oxford Computer Emergency Response Team (OxCERT) 

1: Introduction

This is the RFC 2350 for the University of OxCERT Computer Emergency Response Team (OxCERT).

2: Scope

<section intentionally blank>

3: Information, Policies and Procedures

3.1: Obtaining the Document

Date of last update: 
2019-03-14

Locations where this Document May Be Found:	
https://www.infosec.ox.ac.uk/rfc2350

3.2: Contact Information 

Full Name: 
University of Oxford Computer Emergency Response Team
Short Name: 
OxCERT

Mailing address:
University of Oxford Information Security
OxCERT
16 Wellington Square
OX1 2HY Oxford
United Kingdom 

Timezone: 
GMT/UTC (GMT/UTC+0100 in Summer Time)
	
Telephone Number:
+44 1865 282222 (OxCERT) (Primary Contact) 
+44 1865 612345 (IT Services Service Desk) (Secondary Contact)

Electronic Mail Address: 
oxcert [AT] infosec . ox . ac . uk 

Public keys and encryption:

For confidential email correspondence please use GnuPG encrypting to 
OxCERT's current public key
  ID: 0x5F8868AF
  Fingerprint: A8E1 FD4B 9770 C77A 75F0  5273 CE28 F2F2 5F88 68AF

Operating Hours: 
Emails are monitored on working days in England (UK), 9.00 to 17.00

3.3: Charter

3.3.1: Mission Statement

The main areas of responsibility of OxCERT are: 
 * Detection, response, and prevention of information security incidents
   that are within the University of Oxford.
 * Serving as a single point of contact for third party incident
   response teams (CERTs/CSIRTs).
 * Co-ordinating the response in case of incident escalation. 

3.3.2: Constituency

IT infrastructure and services located on the University of Oxford's
data network.

  ASNs: 786
  Domains: *.ox.ac.uk
  IP ranges:
    2001:630:440::/44
    163.1.0.0/16
    129.67.0.0/16
    192.76.6.0/23
    192.76.8.0/21
    192.76.16.0/20
    192.76.32.0/22    

3.3.3: Sponsoring Organization / Affiliation

OxCERT is the central computer security function for the University of
Oxford.

3.3.4: Authority

OxCERT has the authority to act on all incidents that cause, or could
cause, detriment to the confidentiality, integrity and availability of
University of Oxford ICT and information assets. 

3.4: Policies

OxCERT works closely with UK and EU institutions & law enforcement
agencies. All relevant UK Data Protection Laws apply. In the case of
criminal action, these will be reported to the appropriate authorities. 

3.5: Services

Incident response
Incident triage
Incident coordination
Incident prevention
Intrusion detection
Alerts & warnings
Vulnerability scanning
Information security education, training, and awareness building
Security consulting to members of the University

3.6: Incident Reporting Forms

Incident reporting forms are not used.

3.7: Disclaimers

This document is provided on an "as is" basis and does not imply any
kind of guarantee of service provided by the University of Oxford.

While every precaution will be taken in preparation & dissemination of
information and security alerts, OxCERT assumes no responsibility to
external (Non-University of Oxford organisations and users) for errors,
omissions, or for damages resulting from the use of the information
provided within this document or our security communications.