SCIRT: working together to battle cyber security threats
Are you an operational security expert? If so, you should become a member of SCIRT. You will share information about current security challenges and exchange the latest tips & tricks with colleagues. SCIRT stands for SURFnet Community of Incident Response Teams.
Exchange tips & tricks on cyber security threats
In our forum, we discuss and analyse the latest cyber security threats. We discuss ideas, tips and tricks from several perspectives in order to successfully avert threats. In doing this, we predominantly focus on operational safety and security incident management.
Sharing knowledge in a variety of ways
Our goal is to raise the overall level of knowledge and experience. In a fun manner, you will acquire more of the skills needed to practise the profession. We exchange knowledge with each other in different ways:
- digitally, for example via e-mail, and through our own wiki and a forum
- at meetings, where you can get to know each other and exchange knowledge in a low-threshold and familiar manner
- during workshops, for example, in the field of new cyber security techniques or tools
- at the annual two-day cyber security conference. This conference is jointly organised by SCIRT, the SCIPR community and SURFcert.
The meetings and workshops are organised at least 3 times a year.
Classification based on colours
The Information-Sharing Traffic Light Protocol (ISTLP) is a simple protocol for classifying instances of data distribution/exchange within a non-public community, using colours. It is crucial that everyone within the community assigns the same meaning to the four colours used in the classification: RED, ORANGE, GREEN and WHITE.
What the colours mean
Within a SCIRT context (the SURFnet Community of Incident Response Teams), the colours have the following meanings:
RED:
- Information is exchanged on a personal, confidential basis.
- The recipient realises that forwarding of the information is not permitted.
- The owner of the information is the only party who may determine whether, and under what conditions, the information may be further distributed.
- The recipient may only use the information for the purposes for which he/she is authorised, and may not store it in any form whatsoever.
ORANGE: The information may be forwarded to a limited extent, among members of the same community. There must be a genuine reason for doing so (need-to-know basis), usually pertaining to an operational need on the part of the recipient, who requires the information in order to take action.
GREEN: The information is not public, but may be freely exchanged within the entire pre-defined community (SCIRT).
WHITE: This code means that distribution of the information is not subject to any further restrictions other than those already applicable due to the nature and origin of the information, such as copyright.
Security experts working together
SCIRT's main objective is to bring together the knowledge of all the security experts in the institutions affiliated to SURFnet. We are a working group for the community, made up of people from the community. You can join SCIRT if you carry out CSIRT-related work within your institution, even if you have not yet organised it in the form of a CSIRT.
Organisation of the SCIRT community
The current, elected chairman is Ewald Beekman (email@example.com), who is the IT Security Officer at the Academic Medical Centre in Amsterdam. Don Stikvoort (firstname.lastname@example.org) is the secretary. Rogier Spoor (email@example.com) supervises and supports the SCIRT community from SURF.
The content of the programme is prepared by a programme group consisting of the following members:
- Ewald Beekman - AMC
- Ronald Boontje - UvA
- Lars Hameeteman - ErasmusMC
- Remon Klein Tank - WUR
- Jasper Luiten - VUmc
- Rogier Spoor - SURFnet
- Don Stikvoort - external expert
In addition, we have our own mailing list and an online working environment.
Close cooperation with SCIPR
We work together with the platform for information security officers in higher education: SCIPR. SCIPR focuses on security policy and governance; SCIRT on operational matters. The areas of focus are very closely related to each other, and the number of touchpoints is increasing. As a result, cooperation is becoming increasingly close.
You can only become a member of SCIRT if you have an e-mail address of an institution affiliated to SURFnet. As sensitive information is regularly shared within the SCIRT community, we have a code of conduct as well as a registration procedure. If you are interested, we would be pleased to provide you with further information about this. Send an e-mail to the secretary, Don Stikvoort: firstname.lastname@example.org.