RFC2350 (CSIRT) Description for LFRZ-CERT

1. About this document

This document contains a description of LFRZ-CERT according to RFC 2350.
It provides basic information about the CERT, the ways it can be
contacted, describes its responsibilities and the services offered.


1.1 Date of Last Update

Version 1.0, Date: Apr 03, 2023


1.2 Locations where this document may be found

The current version of this CSIRT description document is available from the
Website: https://www.lfrz.gv.at

The URL of the Document is: https://www.lfrz.gv.at/lfrz-cert-rfc2350.txt

Please make sure you are using the latest version.


2. Contact Information

2.1 Name of the Team

LFRZ-CERT
The Computer Emergency Response Team of the Land-, forst- und wasserwirtschaftliches Rechenzentrum GmbH (LFRZ GmbH)


2.2 Address

LFRZ-CERT 
Hintere Zollamtsstraße 4
1030 Vienna
Austria


2.3 Time Zone

Central Europe Time (UTC+0100, UTC+0200 from last Sunday in March to last Sunday in October)


2.4 Telephone Number

+43 1 33176 0


2.5 Facsimile Number

- -


2.6 Other Telecommunication

- -


2.7 Electronic Mail Address

- -


2.8 Public Keys and Encryption Information

The LFRZ-CERT communication Key is available on the LFRZ Website.
PGP-Fingerprint: 26:E5:8A:3B:85:E4:E3:57:C5:1D:CF:7D:55:80:1F:8A:C7:F6:C0:44
Encrypted communications with LFRZ-CERT should use this - and only this - operational key.

The key can be found at: https://www.lfrz.gv.at/lfrz-cert-key.asc


2.9 Team Members

LFRZ-CERT's Team Chair is Georg Melzer. 

Management and supervision are provided by Georg Melzer, CISO of the
Land-, forst- und wasserwirtschaftliches Rechenzentrum GmbH (LFRZ GmbH)


2.10 Other Information

General information about the LFRZ-CERT can be found at: https://www.lfrz.gv.at


2.11 Points of Customer Contact

https://www.lfrz.gv.at/kontakt.html

This is the preferred way for reporting incidents.

If it is not possible to use this form, the LFRZ-CERT can be reached during regular
office hours by phone (cf. 2.4).

LFRZ-CERT's hours of operation are our regular business hours (08:00-16:00 Monday
to Friday except legal holidays, Good Friday, December 24 and December 31)
(08:00-12:00 Good Friday, December 24 and December 31)


3. Charter

3.1 Mission Statement

The LFRZ-CERT is the contact for technical issues in ICT security of the 
Land-, forst- und wasserwirtschaftliches Rechenzentrum GmbH (LFRZ GmbH)

The aim of the LFRZ-CERT is the elimination of security issues affecting the
Land-, forst- und wasserwirtschaftliches Rechenzentrum GmbH (LFRZ GmbH).


3.2 Constituency

LFRZ-CERT's constituency is the Land-, forst- und wasserwirtschaftliches Rechenzentrum GmbH (LFRZ GmbH).

The services of the LFRZ-CERT limited to the Land-, forst- und wasserwirtschaftliches Rechenzentrum GmbH (LFRZ GmbH).
Note that usually no direct support will be given to other organisations or end users.  With the exception of 
the activities associated with the Austrian CERT-Verbund.


3.3 Sponsorship and/or Affiliation

LFRZ-CERT is located at Land-, forst- und wasserwirtschaftliches Rechenzentrum GmbH (LFRZ GmbH).


3.4 Authority

The main purpose of LFRZ-CERT is internal security and incident issues.

The LFRZ-CERT has authority over Institutions and domains related to the 
Land-, forst- und wasserwirtschaftliches Rechenzentrum GmbH (LFRZ GmbH)


4. Policies

4.1 Types of Incidents and Level of Support

LFRZ-CERT is authorized to address all types of computer security incidents which
occur, or threaten to occur, in our constituency (cf.  3.2)


4.2 Co-operation, Interaction and Disclosure of Information

The LFRZ-CERT cooperates at national level (CERT.at, GovCERT.at, CERT-Verbund
Österreich) and at international level (for example, ICS-CERT, TF-CSIRT) with
other CERTs.


4.3 Communication and Authentication

For normal communication not containing sensitive information LFRZ-CERT will use
conventional methods like unencrypted e-mail.

For secure communication PGP-Encrypted e-mail will be used. If it is necessary
to authenticate a person before communicating, this can be done either through
existing webs of trust (e.g. FIRST, TI, ACOnet customers) or by other methods
like call-back, mail-back or even face-to-face meeting if necessary.


5. Services

5.1 Incident Response

LFRZ-CERT coordinates incident prevention, handling and response within its constituency.


5.1.1. Incident Triage

 * determine wether an incident is authentic
 * determine the applications or departments involved


5.1.2. Incident Coordination

 * Contact the department(s) involved and ask them to investigate the incident and to 
   take the appropriate steps
 * Notify other departments if appropriate


5.1.3. Incident Resolution 

 * Assure the incident is handled properly by the affected department(s). Ask for feedback.  
 * If necessary take appropriate steps within the Network of the 
   Land-, forst- und wasserwirtschaftliches Rechenzentrum GmbH (LFRZ GmbH)
   (e.g. block ports, disconnect sites, etc.)

LFRZ-CERT collects statistics about incidents within its constituency.


5.2 Proactive Activities

LFRZ-CERT provides the following proactive services: 
 * Information services Database of Security Contacts 
 * raise security awareness in its constituency Blog to inform the Constituency 
   of important issues


6. Incident Reporting Forms

https://www.lfrz.gv.at/kontakt.html


7. Disclaimers

While every precaution will be taken in the preparation of information,
notifications and alerts, LFRZ-CERT assumes no responsibility for errors or
omissions, or for damages resulting from the use of the information contained
therein.