GENERAL POLICIES

Types of incidents and level of support

The RESTENA-CSIRT is authorised to address all types of computer security incidents which occur, or threaten to occur, within its constituency.

The level of support given by RESTENA-CSIRT will vary depending on the type and severity of the incident or issue, the type of constituent and the RESTENA-CSIRT's resources available (on a best effort basis).

Note that no direct support will be given to end users. They are expected to refer to their system or network administrator, and especially the organisation's security contact(s) for assistance.

Disclosure of information

As a generale rule, all site-specific and personal information is kept private and confidential and is not disclosed to third parties without the consent of the concerned site or person. Exchange of information (if required or necessary) is carried out in an anonymized way only.

RESTENA-CSIRT operates according to Luxembourg law and regulations. Therefore, RESTENA-CSIRT may be forced to disclose information to local authorities, pursuant to a Court Order.

Communication and Authentication

For normal communication not containing sensitive information, RESTENA-CSIRT will use conventional methods like unencrypted email or fax.

For secure communication, PGP-encrypted email or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust or by other methods like call-back, mail-back or even face-to-face meeting.