ENG

Policy and service level statement for Cyber security center for research and education

The Cyber Security Centre for research and education in Norway (eduCSC or eduCSC–NO in international contexts), manages computer security incidents targeting, originating from or misusing the network services, networks or connected equipment belonging to its parent organisation Sikt or customers connected to its network.

This management includes prevention, detection and resolution of incidents, but does not extend further to disciplinary action or legal measures.

The service conforms to the requirements for sectoral CERTs as defined in the Norwegian National Security Authority’s framework for handling of ICT security incidents and the version of this adapted for our sector by the Norwegian Directorate for Higher Education and Skills, HK-dir.

The cost of this service is covered by a combination of three sources:

  • Core services are covered by a portion of the annual fee Sikt charges for the connection to the research network.
  • Direct funds from the national budget cover the role as a sectoral CERT for higher education and research.
  • Customer organisations pay directly for services, either individually or in standardised packages.

A security incident is defined as events that compromise the confidentiality, integrity or availability of information or information handling resources; or which use such resources in a way that is illegal or causes economic loss or damage to the reputation of Sikt or its customers.

For valid incident reports, we aim to respond within one working day, with a maximum of two working days.

Informational or less significant reports may be archived with no further response, but may be used for further pattern analysis. During a crisis situation, service levels for all non-related issues will be lowered as necessary to free up resources.

Resolution

Our basic service is to provide assistance with handling and investigating incidents that involve one or more members of our constituency.

Normally we involve the local Incident Response Team or the local IT department for smaller customers without such a team; or the ISP if the problem is located outside our own network.

In severe cases, or when quick action is considered paramount, eduCSC has a mandate to perform operational actions on networks and systems to reduce potential damage, thus overriding local responsibility.

Detection

eduCSC non-intrusively monitors the network traffic for signs of misuse, and receives reports of possible abuse from national and international sources.

Credible reports regarding member institutions that are not severe enough to warrant immediate action are passed on to the local abuse handling teams.

Credible and significant reports regarding other networks are relayed to the appropriate party if we have a trusted relation to them.

This includes other Norwegian sectoral CERTs, the Norwegian National Cyber Security Centre (NCSC or NCSC-NO), our counterparts in the other Nordic countries and other teams within the Trusted Introducer (TI) and FIRST communities.

Prevention

We aid members of our constituency in securing their networks to best current practice, while maintaining a general goal of openness and functionality in the network.

We also provide a range of proactive services in the information security area, such as establishing and developing an ISMS, performing risk assessments, arranging exercises and courses, and either producing or coordinating the production of sector-specific standard and guidance documents.