INCIDENT HANDLING (IRIS-CERT Service)
PROCEDURE FOR SUBMITTING INCIDENTS
Our aim is to detect network security problems affecting RedIRIS centres and to coordinate actions with the centres to solve these problems.
Submission form
[Download form]: The purpose of this form is to collect any information that may be useful in managing a security incident. Complete this form to avoid unnecessary downtime when IRIS-CERT needs information not provided in the initial report transmitted by the affected site.
You can send the completed form to:
|
Incidents service opening hours
- Winter: Monday to Thursday from 9:00 am to 6:00 pm and Fridays from 9:00 am to 3:00 pm.
- Summer: Monday to Friday from 8:00 am to 3:00 pm.
- Closed: National Holidays, Madrid Autonomous Region Holidays and Madrid city Holidays.
Service quality
Following are the specifications met by RedIRIS in its quality of service parameters.
- All responses to security incidents will be given within 3 hours of their reception (on weekdays).
- If the reception occurs outside of working hours, it will be addressed in the first 3 hours of the following working day.
- Those incidents from which there is no response will be tracked. To learn more about the service, you may access the procedure section.
- RedIRIS member institutions may request administrative and/or technical support if they are unacquainted with how to respond in a security incident.
- The RedIRIS security team will not act directly with the affected machine/s; that is, it does not provide onsite resolutions. This work corresponds to the institutions themselves.
- Whenever possible, the submitter of the complaint will be notified of the resolution of the incident, although it is possible that if the resolution is successful or there has not been any response, the submitter will not be contacted. In this situation the originator of the complaint may request its status as often as desired.
Other indications of interest
- Reports that are not related to security incidents (i.e. copyright infringement), that are not properly warranted or in which the evidence submitted is not temporarily close will not be handled.
- IRIS-CERT may request the submission of more information if it considers that there is no evidence of attack.
- All CERT messages are digitally signed with the host key.