Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
inc-incident-handling-fx/docs/index.html
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
1066 lines (1066 sloc)
65 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <meta http-equiv="X-UA-Compatible" content="IE=edge"> | |
| <meta name="viewport" content="width=device-width, initial-scale=1.0"> | |
| <meta name="generator" content="Asciidoctor 2.0.10"> | |
| <title>Internet2 Trust and Identity Services Incident Handling Framework</title> | |
| <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700"> | |
| <style> | |
| /* Asciidoctor default stylesheet | MIT License | https://asciidoctor.org */ | |
| /* Uncomment @import statement to use as custom stylesheet */ | |
| /*@import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700";*/ | |
| article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section{display:block} | |
| audio,video{display:inline-block} | |
| audio:not([controls]){display:none;height:0} | |
| html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%} | |
| a{background:none} | |
| a:focus{outline:thin dotted} | |
| a:active,a:hover{outline:0} | |
| h1{font-size:2em;margin:.67em 0} | |
| abbr[title]{border-bottom:1px dotted} | |
| b,strong{font-weight:bold} | |
| dfn{font-style:italic} | |
| hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0} | |
| mark{background:#ff0;color:#000} | |
| code,kbd,pre,samp{font-family:monospace;font-size:1em} | |
| pre{white-space:pre-wrap} | |
| q{quotes:"\201C" "\201D" "\2018" "\2019"} | |
| small{font-size:80%} | |
| sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline} | |
| sup{top:-.5em} | |
| sub{bottom:-.25em} | |
| img{border:0} | |
| svg:not(:root){overflow:hidden} | |
| figure{margin:0} | |
| fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em} | |
| legend{border:0;padding:0} | |
| button,input,select,textarea{font-family:inherit;font-size:100%;margin:0} | |
| button,input{line-height:normal} | |
| button,select{text-transform:none} | |
| button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer} | |
| button[disabled],html input[disabled]{cursor:default} | |
| input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0} | |
| button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0} | |
| textarea{overflow:auto;vertical-align:top} | |
| table{border-collapse:collapse;border-spacing:0} | |
| *,*::before,*::after{-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box} | |
| html,body{font-size:100%} | |
| body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;font-weight:400;font-style:normal;line-height:1;position:relative;cursor:auto;tab-size:4;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased} | |
| a:hover{cursor:pointer} | |
| img,object,embed{max-width:100%;height:auto} | |
| object,embed{height:100%} | |
| img{-ms-interpolation-mode:bicubic} | |
| .left{float:left!important} | |
| .right{float:right!important} | |
| .text-left{text-align:left!important} | |
| .text-right{text-align:right!important} | |
| .text-center{text-align:center!important} | |
| .text-justify{text-align:justify!important} | |
| .hide{display:none} | |
| img,object,svg{display:inline-block;vertical-align:middle} | |
| textarea{height:auto;min-height:50px} | |
| select{width:100%} | |
| .center{margin-left:auto;margin-right:auto} | |
| .stretch{width:100%} | |
| .subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em} | |
| div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0;direction:ltr} | |
| a{color:#2156a5;text-decoration:underline;line-height:inherit} | |
| a:hover,a:focus{color:#1d4b8f} | |
| a img{border:0} | |
| p{font-family:inherit;font-weight:400;font-size:1em;line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility} | |
| p aside{font-size:.875em;line-height:1.35;font-style:italic} | |
| h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em} | |
| h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0} | |
| h1{font-size:2.125em} | |
| h2{font-size:1.6875em} | |
| h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em} | |
| h4,h5{font-size:1.125em} | |
| h6{font-size:1em} | |
| hr{border:solid #dddddf;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em;height:0} | |
| em,i{font-style:italic;line-height:inherit} | |
| strong,b{font-weight:bold;line-height:inherit} | |
| small{font-size:60%;line-height:inherit} | |
| code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)} | |
| ul,ol,dl{font-size:1em;line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit} | |
| ul,ol{margin-left:1.5em} | |
| ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0;font-size:1em} | |
| ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit} | |
| ul.square{list-style-type:square} | |
| ul.circle{list-style-type:circle} | |
| ul.disc{list-style-type:disc} | |
| ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0} | |
| dl dt{margin-bottom:.3125em;font-weight:bold} | |
| dl dd{margin-bottom:1.25em} | |
| abbr,acronym{text-transform:uppercase;font-size:90%;color:rgba(0,0,0,.8);border-bottom:1px dotted #ddd;cursor:help} | |
| abbr{text-transform:none} | |
| blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd} | |
| blockquote cite{display:block;font-size:.9375em;color:rgba(0,0,0,.6)} | |
| blockquote cite::before{content:"\2014 \0020"} | |
| blockquote cite a,blockquote cite a:visited{color:rgba(0,0,0,.6)} | |
| blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)} | |
| @media screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2} | |
| h1{font-size:2.75em} | |
| h2{font-size:2.3125em} | |
| h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em} | |
| h4{font-size:1.4375em}} | |
| table{background:#fff;margin-bottom:1.25em;border:solid 1px #dedede} | |
| table thead,table tfoot{background:#f7f8f7} | |
| table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left} | |
| table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)} | |
| table tr.even,table tr.alt{background:#f8f8f7} | |
| table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{display:table-cell;line-height:1.6} | |
| h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em} | |
| h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400} | |
| .clearfix::before,.clearfix::after,.float-group::before,.float-group::after{content:" ";display:table} | |
| .clearfix::after,.float-group::after{clear:both} | |
| :not(pre):not([class^=L])>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background:#f7f7f8;-webkit-border-radius:4px;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed;word-wrap:break-word} | |
| :not(pre)>code.nobreak{word-wrap:normal} | |
| :not(pre)>code.nowrap{white-space:nowrap} | |
| pre{color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;line-height:1.45;text-rendering:optimizeSpeed} | |
| pre code,pre pre{color:inherit;font-size:inherit;line-height:inherit} | |
| pre>code{display:block} | |
| pre.nowrap,pre.nowrap pre{white-space:pre;word-wrap:normal} | |
| em em{font-style:normal} | |
| strong strong{font-weight:400} | |
| .keyseq{color:rgba(51,51,51,.8)} | |
| kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background:#f7f7f7;border:1px solid #ccc;-webkit-border-radius:3px;border-radius:3px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em white inset;box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em #fff inset;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap} | |
| .keyseq kbd:first-child{margin-left:0} | |
| .keyseq kbd:last-child{margin-right:0} | |
| .menuseq,.menuref{color:#000} | |
| .menuseq b:not(.caret),.menuref{font-weight:inherit} | |
| .menuseq{word-spacing:-.02em} | |
| .menuseq b.caret{font-size:1.25em;line-height:.8} | |
| .menuseq i.caret{font-weight:bold;text-align:center;width:.45em} | |
| b.button::before,b.button::after{position:relative;top:-1px;font-weight:400} | |
| b.button::before{content:"[";padding:0 3px 0 2px} | |
| b.button::after{content:"]";padding:0 2px 0 3px} | |
| p a>code:hover{color:rgba(0,0,0,.9)} | |
| #header,#content,#footnotes,#footer{width:100%;margin-left:auto;margin-right:auto;margin-top:0;margin-bottom:0;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em} | |
| #header::before,#header::after,#content::before,#content::after,#footnotes::before,#footnotes::after,#footer::before,#footer::after{content:" ";display:table} | |
| #header::after,#content::after,#footnotes::after,#footer::after{clear:both} | |
| #content{margin-top:1.25em} | |
| #content::before{content:none} | |
| #header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0} | |
| #header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #dddddf} | |
| #header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #dddddf;padding-bottom:8px} | |
| #header .details{border-bottom:1px solid #dddddf;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:-ms-flexbox;display:-webkit-flex;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap} | |
| #header .details span:first-child{margin-left:-.125em} | |
| #header .details span.email a{color:rgba(0,0,0,.85)} | |
| #header .details br{display:none} | |
| #header .details br+span::before{content:"\00a0\2013\00a0"} | |
| #header .details br+span.author::before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)} | |
| #header .details br+span#revremark::before{content:"\00a0|\00a0"} | |
| #header #revnumber{text-transform:capitalize} | |
| #header #revnumber::after{content:"\00a0"} | |
| #content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #dddddf;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem} | |
| #toc{border-bottom:1px solid #e7e7e9;padding-bottom:.5em} | |
| #toc>ul{margin-left:.125em} | |
| #toc ul.sectlevel0>li>a{font-style:italic} | |
| #toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0} | |
| #toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none} | |
| #toc li{line-height:1.3334;margin-top:.3334em} | |
| #toc a{text-decoration:none} | |
| #toc a:active{text-decoration:underline} | |
| #toctitle{color:#7a2518;font-size:1.2em} | |
| @media screen and (min-width:768px){#toctitle{font-size:1.375em} | |
| body.toc2{padding-left:15em;padding-right:0} | |
| #toc.toc2{margin-top:0!important;background:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #e7e7e9;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto} | |
| #toc.toc2 #toctitle{margin-top:0;margin-bottom:.8rem;font-size:1.2em} | |
| #toc.toc2>ul{font-size:.9em;margin-bottom:0} | |
| #toc.toc2 ul ul{margin-left:0;padding-left:1em} | |
| #toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em} | |
| body.toc2.toc-right{padding-left:0;padding-right:15em} | |
| body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #e7e7e9;left:auto;right:0}} | |
| @media screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0} | |
| #toc.toc2{width:20em} | |
| #toc.toc2 #toctitle{font-size:1.375em} | |
| #toc.toc2>ul{font-size:.95em} | |
| #toc.toc2 ul ul{padding-left:1.25em} | |
| body.toc2.toc-right{padding-left:0;padding-right:20em}} | |
| #content #toc{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px} | |
| #content #toc>:first-child{margin-top:0} | |
| #content #toc>:last-child{margin-bottom:0} | |
| #footer{max-width:100%;background:rgba(0,0,0,.8);padding:1.25em} | |
| #footer-text{color:rgba(255,255,255,.8);line-height:1.44} | |
| #content{margin-bottom:.625em} | |
| .sect1{padding-bottom:.625em} | |
| @media screen and (min-width:768px){#content{margin-bottom:1.25em} | |
| .sect1{padding-bottom:1.25em}} | |
| .sect1:last-child{padding-bottom:0} | |
| .sect1+.sect1{border-top:1px solid #e7e7e9} | |
| #content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400} | |
| #content h1>a.anchor::before,h2>a.anchor::before,h3>a.anchor::before,#toctitle>a.anchor::before,.sidebarblock>.content>.title>a.anchor::before,h4>a.anchor::before,h5>a.anchor::before,h6>a.anchor::before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em} | |
| #content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible} | |
| #content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none} | |
| #content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221} | |
| details,.audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em} | |
| details>summary:first-of-type{cursor:pointer;display:list-item;outline:none;margin-bottom:.75em} | |
| .admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic} | |
| table.tableblock.fit-content>caption.title{white-space:nowrap;width:0} | |
| .paragraph.lead>p,#preamble>.sectionbody>[class="paragraph"]:first-of-type p{font-size:1.21875em;line-height:1.6;color:rgba(0,0,0,.85)} | |
| table.tableblock #preamble>.sectionbody>[class="paragraph"]:first-of-type p{font-size:inherit} | |
| .admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%} | |
| .admonitionblock>table td.icon{text-align:center;width:80px} | |
| .admonitionblock>table td.icon img{max-width:none} | |
| .admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase} | |
| .admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #dddddf;color:rgba(0,0,0,.6)} | |
| .admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0} | |
| .exampleblock>.content{border-style:solid;border-width:1px;border-color:#e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;-webkit-border-radius:4px;border-radius:4px} | |
| .exampleblock>.content>:first-child{margin-top:0} | |
| .exampleblock>.content>:last-child{margin-bottom:0} | |
| .sidebarblock{border-style:solid;border-width:1px;border-color:#dbdbd6;margin-bottom:1.25em;padding:1.25em;background:#f3f3f2;-webkit-border-radius:4px;border-radius:4px} | |
| .sidebarblock>:first-child{margin-top:0} | |
| .sidebarblock>:last-child{margin-bottom:0} | |
| .sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center} | |
| .exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0} | |
| .literalblock pre,.listingblock>.content>pre{-webkit-border-radius:4px;border-radius:4px;word-wrap:break-word;overflow-x:auto;padding:1em;font-size:.8125em} | |
| @media screen and (min-width:768px){.literalblock pre,.listingblock>.content>pre{font-size:.90625em}} | |
| @media screen and (min-width:1280px){.literalblock pre,.listingblock>.content>pre{font-size:1em}} | |
| .literalblock pre,.listingblock>.content>pre:not(.highlight),.listingblock>.content>pre[class="highlight"],.listingblock>.content>pre[class^="highlight "]{background:#f7f7f8} | |
| .literalblock.output pre{color:#f7f7f8;background:rgba(0,0,0,.9)} | |
| .listingblock>.content{position:relative} | |
| .listingblock code[data-lang]::before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:inherit;opacity:.5} | |
| .listingblock:hover code[data-lang]::before{display:block} | |
| .listingblock.terminal pre .command::before{content:attr(data-prompt);padding-right:.5em;color:inherit;opacity:.5} | |
| .listingblock.terminal pre .command:not([data-prompt])::before{content:"$"} | |
| .listingblock pre.highlightjs{padding:0} | |
| .listingblock pre.highlightjs>code{padding:1em;-webkit-border-radius:4px;border-radius:4px} | |
| .listingblock pre.prettyprint{border-width:0} | |
| .prettyprint{background:#f7f7f8} | |
| pre.prettyprint .linenums{line-height:1.45;margin-left:2em} | |
| pre.prettyprint li{background:none;list-style-type:inherit;padding-left:0} | |
| pre.prettyprint li code[data-lang]::before{opacity:1} | |
| pre.prettyprint li:not(:first-child) code[data-lang]::before{display:none} | |
| table.linenotable{border-collapse:separate;border:0;margin-bottom:0;background:none} | |
| table.linenotable td[class]{color:inherit;vertical-align:top;padding:0;line-height:inherit;white-space:normal} | |
| table.linenotable td.code{padding-left:.75em} | |
| table.linenotable td.linenos{border-right:1px solid currentColor;opacity:.35;padding-right:.5em} | |
| pre.pygments .lineno{border-right:1px solid currentColor;opacity:.35;display:inline-block;margin-right:.75em} | |
| pre.pygments .lineno::before{content:"";margin-right:-.125em} | |
| .quoteblock{margin:0 1em 1.25em 1.5em;display:table} | |
| .quoteblock:not(.excerpt)>.title{margin-left:-1.5em;margin-bottom:.75em} | |
| .quoteblock blockquote,.quoteblock p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify} | |
| .quoteblock blockquote{margin:0;padding:0;border:0} | |
| .quoteblock blockquote::before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)} | |
| .quoteblock blockquote>.paragraph:last-child p{margin-bottom:0} | |
| .quoteblock .attribution{margin-top:.75em;margin-right:.5ex;text-align:right} | |
| .verseblock{margin:0 1em 1.25em} | |
| .verseblock pre{font-family:"Open Sans","DejaVu Sans",sans;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility} | |
| .verseblock pre strong{font-weight:400} | |
| .verseblock .attribution{margin-top:1.25rem;margin-left:.5ex} | |
| .quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic} | |
| .quoteblock .attribution br,.verseblock .attribution br{display:none} | |
| .quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.025em;color:rgba(0,0,0,.6)} | |
| .quoteblock.abstract blockquote::before,.quoteblock.excerpt blockquote::before,.quoteblock .quoteblock blockquote::before{display:none} | |
| .quoteblock.abstract blockquote,.quoteblock.abstract p,.quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{line-height:1.6;word-spacing:0} | |
| .quoteblock.abstract{margin:0 1em 1.25em;display:block} | |
| .quoteblock.abstract>.title{margin:0 0 .375em;font-size:1.15em;text-align:center} | |
| .quoteblock.excerpt>blockquote,.quoteblock .quoteblock{padding:0 0 .25em 1em;border-left:.25em solid #dddddf} | |
| .quoteblock.excerpt,.quoteblock .quoteblock{margin-left:0} | |
| .quoteblock.excerpt blockquote,.quoteblock.excerpt p,.quoteblock .quoteblock blockquote,.quoteblock .quoteblock p{color:inherit;font-size:1.0625rem} | |
| .quoteblock.excerpt .attribution,.quoteblock .quoteblock .attribution{color:inherit;text-align:left;margin-right:0} | |
| table.tableblock{max-width:100%;border-collapse:separate} | |
| p.tableblock:last-child{margin-bottom:0} | |
| td.tableblock>.content>:last-child{margin-bottom:-1.25em} | |
| td.tableblock>.content>:last-child.sidebarblock{margin-bottom:0} | |
| table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede} | |
| table.grid-all>thead>tr>.tableblock,table.grid-all>tbody>tr>.tableblock{border-width:0 1px 1px 0} | |
| table.grid-all>tfoot>tr>.tableblock{border-width:1px 1px 0 0} | |
| table.grid-cols>*>tr>.tableblock{border-width:0 1px 0 0} | |
| table.grid-rows>thead>tr>.tableblock,table.grid-rows>tbody>tr>.tableblock{border-width:0 0 1px} | |
| table.grid-rows>tfoot>tr>.tableblock{border-width:1px 0 0} | |
| table.grid-all>*>tr>.tableblock:last-child,table.grid-cols>*>tr>.tableblock:last-child{border-right-width:0} | |
| table.grid-all>tbody>tr:last-child>.tableblock,table.grid-all>thead:last-child>tr>.tableblock,table.grid-rows>tbody>tr:last-child>.tableblock,table.grid-rows>thead:last-child>tr>.tableblock{border-bottom-width:0} | |
| table.frame-all{border-width:1px} | |
| table.frame-sides{border-width:0 1px} | |
| table.frame-topbot,table.frame-ends{border-width:1px 0} | |
| table.stripes-all tr,table.stripes-odd tr:nth-of-type(odd),table.stripes-even tr:nth-of-type(even),table.stripes-hover tr:hover{background:#f8f8f7} | |
| th.halign-left,td.halign-left{text-align:left} | |
| th.halign-right,td.halign-right{text-align:right} | |
| th.halign-center,td.halign-center{text-align:center} | |
| th.valign-top,td.valign-top{vertical-align:top} | |
| th.valign-bottom,td.valign-bottom{vertical-align:bottom} | |
| th.valign-middle,td.valign-middle{vertical-align:middle} | |
| table thead th,table tfoot th{font-weight:bold} | |
| tbody tr th{display:table-cell;line-height:1.6;background:#f7f8f7} | |
| tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold} | |
| p.tableblock>code:only-child{background:none;padding:0} | |
| p.tableblock{font-size:1em} | |
| ol{margin-left:1.75em} | |
| ul li ol{margin-left:1.5em} | |
| dl dd{margin-left:1.125em} | |
| dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0} | |
| ol>li p,ul>li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em} | |
| ul.checklist,ul.none,ol.none,ul.no-bullet,ol.no-bullet,ol.unnumbered,ul.unstyled,ol.unstyled{list-style-type:none} | |
| ul.no-bullet,ol.no-bullet,ol.unnumbered{margin-left:.625em} | |
| ul.unstyled,ol.unstyled{margin-left:0} | |
| ul.checklist{margin-left:.625em} | |
| ul.checklist li>p:first-child>.fa-square-o:first-child,ul.checklist li>p:first-child>.fa-check-square-o:first-child{width:1.25em;font-size:.8em;position:relative;bottom:.125em} | |
| ul.checklist li>p:first-child>input[type="checkbox"]:first-child{margin-right:.25em} | |
| ul.inline{display:-ms-flexbox;display:-webkit-box;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap;list-style:none;margin:0 0 .625em -1.25em} | |
| ul.inline>li{margin-left:1.25em} | |
| .unstyled dl dt{font-weight:400;font-style:normal} | |
| ol.arabic{list-style-type:decimal} | |
| ol.decimal{list-style-type:decimal-leading-zero} | |
| ol.loweralpha{list-style-type:lower-alpha} | |
| ol.upperalpha{list-style-type:upper-alpha} | |
| ol.lowerroman{list-style-type:lower-roman} | |
| ol.upperroman{list-style-type:upper-roman} | |
| ol.lowergreek{list-style-type:lower-greek} | |
| .hdlist>table,.colist>table{border:0;background:none} | |
| .hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none} | |
| td.hdlist1,td.hdlist2{vertical-align:top;padding:0 .625em} | |
| td.hdlist1{font-weight:bold;padding-bottom:1.25em} | |
| .literalblock+.colist,.listingblock+.colist{margin-top:-.5em} | |
| .colist td:not([class]):first-child{padding:.4em .75em 0;line-height:1;vertical-align:top} | |
| .colist td:not([class]):first-child img{max-width:none} | |
| .colist td:not([class]):last-child{padding:.25em 0} | |
| .thumb,.th{line-height:0;display:inline-block;border:solid 4px #fff;-webkit-box-shadow:0 0 0 1px #ddd;box-shadow:0 0 0 1px #ddd} | |
| .imageblock.left{margin:.25em .625em 1.25em 0} | |
| .imageblock.right{margin:.25em 0 1.25em .625em} | |
| .imageblock>.title{margin-bottom:0} | |
| .imageblock.thumb,.imageblock.th{border-width:6px} | |
| .imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em} | |
| .image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0} | |
| .image.left{margin-right:.625em} | |
| .image.right{margin-left:.625em} | |
| a.image{text-decoration:none;display:inline-block} | |
| a.image object{pointer-events:none} | |
| sup.footnote,sup.footnoteref{font-size:.875em;position:static;vertical-align:super} | |
| sup.footnote a,sup.footnoteref a{text-decoration:none} | |
| sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline} | |
| #footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em} | |
| #footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em;border-width:1px 0 0} | |
| #footnotes .footnote{padding:0 .375em 0 .225em;line-height:1.3334;font-size:.875em;margin-left:1.2em;margin-bottom:.2em} | |
| #footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none;margin-left:-1.05em} | |
| #footnotes .footnote:last-of-type{margin-bottom:0} | |
| #content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0} | |
| .gist .file-data>table{border:0;background:#fff;width:100%;margin-bottom:0} | |
| .gist .file-data>table td.line-data{width:99%} | |
| div.unbreakable{page-break-inside:avoid} | |
| .big{font-size:larger} | |
| .small{font-size:smaller} | |
| .underline{text-decoration:underline} | |
| .overline{text-decoration:overline} | |
| .line-through{text-decoration:line-through} | |
| .aqua{color:#00bfbf} | |
| .aqua-background{background:#00fafa} | |
| .black{color:#000} | |
| .black-background{background:#000} | |
| .blue{color:#0000bf} | |
| .blue-background{background:#0000fa} | |
| .fuchsia{color:#bf00bf} | |
| .fuchsia-background{background:#fa00fa} | |
| .gray{color:#606060} | |
| .gray-background{background:#7d7d7d} | |
| .green{color:#006000} | |
| .green-background{background:#007d00} | |
| .lime{color:#00bf00} | |
| .lime-background{background:#00fa00} | |
| .maroon{color:#600000} | |
| .maroon-background{background:#7d0000} | |
| .navy{color:#000060} | |
| .navy-background{background:#00007d} | |
| .olive{color:#606000} | |
| .olive-background{background:#7d7d00} | |
| .purple{color:#600060} | |
| .purple-background{background:#7d007d} | |
| .red{color:#bf0000} | |
| .red-background{background:#fa0000} | |
| .silver{color:#909090} | |
| .silver-background{background:#bcbcbc} | |
| .teal{color:#006060} | |
| .teal-background{background:#007d7d} | |
| .white{color:#bfbfbf} | |
| .white-background{background:#fafafa} | |
| .yellow{color:#bfbf00} | |
| .yellow-background{background:#fafa00} | |
| span.icon>.fa{cursor:default} | |
| a span.icon>.fa{cursor:inherit} | |
| .admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default} | |
| .admonitionblock td.icon .icon-note::before{content:"\f05a";color:#19407c} | |
| .admonitionblock td.icon .icon-tip::before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111} | |
| .admonitionblock td.icon .icon-warning::before{content:"\f071";color:#bf6900} | |
| .admonitionblock td.icon .icon-caution::before{content:"\f06d";color:#bf3400} | |
| .admonitionblock td.icon .icon-important::before{content:"\f06a";color:#bf0000} | |
| .conum[data-value]{display:inline-block;color:#fff!important;background:rgba(0,0,0,.8);-webkit-border-radius:100px;border-radius:100px;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold} | |
| .conum[data-value] *{color:#fff!important} | |
| .conum[data-value]+b{display:none} | |
| .conum[data-value]::after{content:attr(data-value)} | |
| pre .conum[data-value]{position:relative;top:-.125em} | |
| b.conum *{color:inherit!important} | |
| .conum:not([data-value]):empty{display:none} | |
| dt,th.tableblock,td.content,div.footnote{text-rendering:optimizeLegibility} | |
| h1,h2,p,td.content,span.alt{letter-spacing:-.01em} | |
| p strong,td.content strong,div.footnote strong{letter-spacing:-.005em} | |
| p,blockquote,dt,td.content,span.alt{font-size:1.0625rem} | |
| p{margin-bottom:1.25rem} | |
| .sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em} | |
| .exampleblock>.content{background:#fffef7;border-color:#e0e0dc;-webkit-box-shadow:0 1px 4px #e0e0dc;box-shadow:0 1px 4px #e0e0dc} | |
| .print-only{display:none!important} | |
| @page{margin:1.25cm .75cm} | |
| @media print{*{-webkit-box-shadow:none!important;box-shadow:none!important;text-shadow:none!important} | |
| html{font-size:80%} | |
| a{color:inherit!important;text-decoration:underline!important} | |
| a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important} | |
| a[href^="http:"]:not(.bare)::after,a[href^="https:"]:not(.bare)::after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em} | |
| abbr[title]::after{content:" (" attr(title) ")"} | |
| pre,blockquote,tr,img,object,svg{page-break-inside:avoid} | |
| thead{display:table-header-group} | |
| svg{max-width:100%} | |
| p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3} | |
| h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid} | |
| #toc,.sidebarblock,.exampleblock>.content{background:none!important} | |
| #toc{border-bottom:1px solid #dddddf!important;padding-bottom:0!important} | |
| body.book #header{text-align:center} | |
| body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em} | |
| body.book #header .details{border:0!important;display:block;padding:0!important} | |
| body.book #header .details span:first-child{margin-left:0!important} | |
| body.book #header .details br{display:block} | |
| body.book #header .details br+span::before{content:none!important} | |
| body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important} | |
| body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always} | |
| .listingblock code[data-lang]::before{display:block} | |
| #footer{padding:0 .9375em} | |
| .hide-on-print{display:none!important} | |
| .print-only{display:block!important} | |
| .hide-for-print{display:none!important} | |
| .show-for-print{display:inherit!important}} | |
| @media print,amzn-kf8{#header>h1:first-child{margin-top:1.25rem} | |
| .sect1{padding:0!important} | |
| .sect1+.sect1{border:0} | |
| #footer{background:none} | |
| #footer-text{color:rgba(0,0,0,.6);font-size:.9em}} | |
| @media amzn-kf8{#header,#content,#footnotes,#footer{padding:0}} | |
| </style> | |
| </head> | |
| <body class="article"> | |
| <div id="header"> | |
| </div> | |
| <div id="content"> | |
| <div class="sect1"> | |
| <h2 id="_internet2_trust_and_identity_services_incident_handling_framework">Internet2 Trust and Identity Services Incident Handling Framework</h2> | |
| <div class="sectionbody"> | |
| <div class="paragraph"> | |
| <p><strong>Prepared by:</strong> Nicholas Roy, Director of Technology and Strategy, InCommon/Internet2 Trust and Identity Services<br> | |
| <strong>Version:</strong> 1.6<br> | |
| <strong>Date:</strong> February 17, 2020</p> | |
| </div> | |
| <div class="paragraph"> | |
| <p><strong>Document Title: Internet2 Trust and Identity Services Security Incident Handling Framework</strong><br> | |
| <strong>Repository ID: OBTAIN NEW</strong><br> | |
| <strong>DOI: OBTAIN NEW</strong><br> | |
| <strong>Persistent URL: OBTAIN NEW</strong><br> | |
| <strong>Authors: Nicholas Roy</strong><br> | |
| <strong>Publication Date: UPDATE</strong><br> | |
| <strong>Sponsor: Vice President, Internet2 Trust and Identity Services</strong><br> | |
| <strong>Superseded documents: None</strong><br> | |
| <strong>Proposed future review date: February 17, 2022</strong><br> | |
| <strong>Subject tags: security, incident, trust, identity, incommon, services</strong></p> | |
| </div> | |
| <div class="paragraph"> | |
| <p><strong>© 2020 Internet2</strong><br> | |
| <strong>This work is licensed under a <a href="https://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License.</a></strong></p> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_change_log">Change Log</h3> | |
| <table class="tableblock frame-all grid-all stretch"> | |
| <colgroup> | |
| <col style="width: 20%;"> | |
| <col style="width: 20%;"> | |
| <col style="width: 20%;"> | |
| <col style="width: 20%;"> | |
| <col style="width: 20%;"> | |
| </colgroup> | |
| <thead> | |
| <tr> | |
| <th class="tableblock halign-left valign-top">Status</th> | |
| <th class="tableblock halign-left valign-top">Change</th> | |
| <th class="tableblock halign-left valign-top">Date</th> | |
| <th class="tableblock halign-left valign-top">Version</th> | |
| <th class="tableblock halign-left valign-top">Approved by</th> | |
| </tr> | |
| </thead> | |
| <tbody> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Draft</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">First version to InCommon Steering</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">October 21, 2016</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">0.6</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Draft</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Added example of “upstream provider” in Scope section</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">October 26, 2016</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">0.7</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Draft</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Added information about vulnerability disclosure to scope and contact sections, acknowledged TIER Security and Audit Working Group input</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">November 2, 2016</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">0.8</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Draft</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Added contact information</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">January 11, 2017</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">0.9</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Prepublication</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Added governing language reference</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">January 19, 2017</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">1.0</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Publication</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Revisions from Internet2 General Counsel</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">January 30, 2017</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">1.1</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Publication</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Revisions to fix typos and add document repository information</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">February 27, 2018</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">1.2</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Draft</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Support other InCommon services</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">July 15, 2019</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">1.3</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Draft</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Changed from InCommon to Internet2 Trust and Identity Services</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">September 5, 2019</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">1.4</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Draft</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Added language about who can declare an incident</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">September 26, 2019</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">1.5</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Draft</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Added information about PGP key usage</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">February 17, 2020</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">1.6</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Nicholas Roy</p></td> | |
| </tr> | |
| </tbody> | |
| </table> | |
| <div style="page-break-after: always;"></div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_this_page_intentionally_left_blank">THIS PAGE INTENTIONALLY LEFT BLANK</h3> | |
| <div style="page-break-after: always;"></div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_table_of_contents">Table of Contents</h3> | |
| <div class="paragraph"> | |
| <p>Internet2 Trust and Identity Services Security Incident Handling Framework<br> | |
| Table of Contents<br> | |
| Mission Statement of Internet2 Trust and Identity Services CSIRT<br> | |
| Definition of “Security Incident”<br> | |
| Initial Contact/Notification and Triage<br> | |
| Generalized Procedure for When Action Is Required<br> | |
| Roles<br> | |
| Assessment of an Incident<br> | |
| Scope<br> | |
| Nature<br> | |
| Criticality<br> | |
| Communications<br> | |
| Traffic Light Protocol for Exchange of Information<br> | |
| Incident Handling Actions Matrix<br> | |
| Appendix A: References<br> | |
| Appendix B: Acknowledgements<br></p> | |
| </div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_mission_statement_of_internet2_trust_and_identity_services_csirt">Mission Statement of Internet2 Trust and Identity Services CSIRT</h3> | |
| <div class="paragraph"> | |
| <p>Internet2’s Trust and Identity Services Computer Security Incident Response Team (CSIRT) is a group of identified individuals working at Internet2 and in the community, assigned specific roles, and chartered to respond to security incidents related to Internet2’s Trust and Identity (TI) Services so that they may be relied upon by users for mission-critical and security-sensitive operations on an ongoing basis. To that end, the CSIRT will:</p> | |
| </div> | |
| <div class="ulist"> | |
| <ul> | |
| <li> | |
| <p>Receive information about security-related threats to TI service infrastructure</p> | |
| </li> | |
| <li> | |
| <p>Receive information about security-related threats to relevant aspects of TI service users'/deployers' systems</p> | |
| </li> | |
| <li> | |
| <p>Assess the risk of such threats</p> | |
| </li> | |
| <li> | |
| <p>Develop response and remediation plans where appropriate to address these threats</p> | |
| </li> | |
| <li> | |
| <p>Execute, with the possible addition of needed external resources, incident response according to a documented incident handling framework</p> | |
| </li> | |
| <li> | |
| <p>Report out to stakeholder communities on the nature of incidents responded to, status of response, and to communicate as needed with affected parties</p> | |
| </li> | |
| </ul> | |
| </div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_definition_of_security_incident">Definition of “Security Incident”</h3> | |
| <div class="paragraph"> | |
| <p>A computer security Incident is: A violation or imminent threat of violation of computer security policies, applicable laws and regulations, acceptable use policies, or standard security practices. A security incident may involve either electronic or paper data. [5]</p> | |
| </div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_initial_contactnotification_and_triage">Initial Contact/Notification and Triage</h3> | |
| <div class="paragraph"> | |
| <p>Any party may make the CSIRT aware of a relevant security incident or disclosure via one of the following mechanisms (available 24x7x365)</p> | |
| </div> | |
| <div class="olist arabic"> | |
| <ol class="arabic"> | |
| <li> | |
| <p><strong><em>Call this number: +1 734 352 7045 (PREFERRED)</em></strong></p> | |
| </li> | |
| <li> | |
| <p><strong><em>Send an email to: <a href="mailto:security@incommon.org">security@incommon.org</a></em></strong></p> | |
| </li> | |
| </ol> | |
| </div> | |
| <div class="paragraph"> | |
| <p><strong><em>NOTE: Outside of normal US business hours, it may take up to 12 hours for staff to be notified of your email. In critical emergencies, please call the phone number above, if possible.</em></strong></p> | |
| </div> | |
| <div class="paragraph"> | |
| <p><strong><em>Inquiries from any law enforcement agency regarding a security incident, including formal legal process such as subpoenas and warrants, must be directed to the General Counsel of Internet2.</em></strong></p> | |
| </div> | |
| <div class="paragraph"> | |
| <p>You can use InCommon’s PGP public key to encrypt sensitive information you send to us via email. Information on this key is available at: <a href="https://incommon.org/incident-reponse/">https://incommon.org/incident-reponse/</a>. <strong>DO NOT</strong> send sensitive information in unecrypted email.</p> | |
| </div> | |
| <div class="paragraph"> | |
| <p>The CSIRT will accept, evaluate and reply (when necessary and deemed appropriate) to valid submissions as soon as possible, but in no event later than 24 hours after receipt of the notice.</p> | |
| </div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_generalized_procedure_for_when_action_is_required">Generalized Procedure for When Action Is Required</h3> | |
| <div class="paragraph"> | |
| <p>Upon receipt of information about a possible security threat to an Internet2 Trust and Identity Services service offering, the CSIRT will:</p> | |
| </div> | |
| <div class="olist arabic"> | |
| <ol class="arabic"> | |
| <li> | |
| <p>Identify an incident handling lead</p> | |
| </li> | |
| <li> | |
| <p>Assign the lead to perform a brief initial assessment of the situation, including initial classification of the incident or disclosure as: “Normal,” “Escalation,” or “Emergency” in nature.</p> | |
| </li> | |
| <li> | |
| <p>The lead will determine and execute next steps based on assessment of initial event classification, including the formation of an incident handling team as necessitated by nature, criticality and scope. Lead may call in resources for the incident handling team, and those resources are obligated to help with further analysis, remediation and other necessary incident handling steps. Normal procedures to follow are documented in the #heading=h.gm8jazx2m6qf[Incident Handling Actions Matrix] below</p> | |
| </li> | |
| <li> | |
| <p>All relevant details of the incident including classification, handling, communication, resolution and disposal will be documented at the request of Counsel in a shared file repository within Internet2</p> | |
| </li> | |
| <li> | |
| <p>An incident is closed when the Executive Sponsor determines that the event has been handled appropriately and is no longer an active threat. In some cases, one or more reports may be issued to relevant stakeholders.</p> | |
| </li> | |
| </ol> | |
| </div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_roles">Roles</h3> | |
| <div class="paragraph"> | |
| <p>Roles 1-4 make up the standing CSIRT, with all roles under 5 filled on an as-needed basis.</p> | |
| </div> | |
| <div class="olist arabic"> | |
| <ol class="arabic"> | |
| <li> | |
| <p>CSIRT Executive Sponsor, typically the Internet2 Vice President for Trust and Identity Services. Only this role can declare an incident, in consultation with a lead named by this role.</p> | |
| </li> | |
| <li> | |
| <p>Incident Lead, typically an Internet2 Security Lead</p> | |
| </li> | |
| <li> | |
| <p>Incident Communications Representative, typically an Internet2 marketing and communication director</p> | |
| </li> | |
| <li> | |
| <p>REN-ISAC liaison</p> | |
| </li> | |
| <li> | |
| <p>Incident Handling Team (<strong><em>specific make-up of each team subject to availability and appropriateness</em></strong> at the discretion of the Incident Lead and CSIRT Executive Sponsor)</p> | |
| <div class="olist loweralpha"> | |
| <ol class="loweralpha" type="a"> | |
| <li> | |
| <p>Lead (a role which may be assigned to any of the team members, but should remain lead throughout the handling of an incident)</p> | |
| </li> | |
| <li> | |
| <p>Executive Sponsor</p> | |
| </li> | |
| <li> | |
| <p>Steering Liaison</p> | |
| </li> | |
| <li> | |
| <p>Service Advisory Committee Liaison</p> | |
| </li> | |
| <li> | |
| <p>Service Operations Representative</p> | |
| </li> | |
| <li> | |
| <p>Internet2 Communications Representative</p> | |
| </li> | |
| <li> | |
| <p>Internet2 Chief Information Security Officer Representative</p> | |
| </li> | |
| <li> | |
| <p>Other relevant internal Internet2 areas</p> | |
| </li> | |
| <li> | |
| <p>REN-ISAC Representative and Liaison</p> | |
| </li> | |
| <li> | |
| <p>Law Enforcement Representative and Liaison</p> | |
| </li> | |
| <li> | |
| <p>Legal Representative</p> | |
| </li> | |
| </ol> | |
| </div> | |
| </li> | |
| </ol> | |
| </div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_assessment_of_an_incident">Assessment of an Incident</h3> | |
| <div class="paragraph"> | |
| <p>This section is a set of guidelines to allow the named incident handling lead to assess the classification of an incident, for use as input in determining next steps, in the next section.</p> | |
| </div> | |
| <div class="sect3"> | |
| <h4 id="_scope">Scope</h4> | |
| <div class="paragraph"> | |
| <p>To be in scope for action by the CSIRT, mitigation of the incident must essentially depend on one or more changes to TI service operations which involve TI change management processes, as determined by the CSIRT.</p> | |
| </div> | |
| <div class="paragraph"> | |
| <p>An incident or disclosure which has compromised, or may lead to the compromise of, systems or services that affect one or more of:</p> | |
| </div> | |
| <div class="olist arabic"> | |
| <ol class="arabic"> | |
| <li> | |
| <p>TI Operations or its upstream or third-party providers (for example, cloud hosting providers, multifactor authentication providers, etc.) on which its operations depend.</p> | |
| </li> | |
| <li> | |
| <p>The systems or services of a Trust and Identity Services participant/connector relevant to their use of such services, such as Identity Provider or Service Provider software or related cryptographic materials, RADIUS infrastructure, etc.</p> | |
| </li> | |
| <li> | |
| <p>Any other operational aspect of TI services.</p> | |
| </li> | |
| </ol> | |
| </div> | |
| <div class="paragraph"> | |
| <p>are deemed to be in-scope for TI’s incident handling processes and should be assessed for nature and criticality before any further actions are taken. If an incident is not in-scope, it will be documented and handed off to the appropriate party (internal to or external to Internet2) for further assessment and handling.</p> | |
| </div> | |
| </div> | |
| <div class="sect3"> | |
| <h4 id="_nature">Nature</h4> | |
| <div class="paragraph"> | |
| <p>Answer the question: Is the event an “Incident”? i.e.:</p> | |
| </div> | |
| <div class="olist arabic"> | |
| <ol class="arabic"> | |
| <li> | |
| <p>Discovery of the neglect of a system or systems by a human actor responsible for maintaining that/those systems that prevents misuse or exploitation of the system(s) to harm TI or its participants’/connectors' networks or systems as those networks or systems function in a core or supporting role within the portfolio of TI services.</p> | |
| </li> | |
| <li> | |
| <p>Use of a system or network in any way that compromises TI or its participants'/connectors' networks or systems as those networks or systems function in a core or supporting role within the portfolio of TI services.</p> | |
| </li> | |
| <li> | |
| <p>Any other use or misuse of computing resources, intentional or otherwise, which would cause harm to networks or systems that have a core or supporting role within the portfolio of TI services (for more information on TI services, see: <a href="https://www.incommon.org/">https://www.incommon.org/</a>). | |
| If an event is determined to be an “Incident” in nature, it should be further analyzed for elements of criticality in order to determine necessary actions. If the event is not an “Incident,” it should be handed off to a relevant service operations group for further analysis and handling.</p> | |
| </li> | |
| </ol> | |
| </div> | |
| </div> | |
| <div class="sect3"> | |
| <h4 id="_criticality">Criticality</h4> | |
| <div class="paragraph"> | |
| <p>Incidents fall into three criticality categories:</p> | |
| </div> | |
| <div class="paragraph"> | |
| <p><strong>Normal</strong> - an event that does not affect critical production systems or the trustworthy flow of identity/trust-related data across TI services.</p> | |
| </div> | |
| <div class="paragraph"> | |
| <p><strong>Escalation</strong> - an event that affects production systems and requires change control steps be followed as part of a response.</p> | |
| </div> | |
| <div class="paragraph"> | |
| <p><strong>Emergency</strong> - a change to a production system impacting one or more of the following:</p> | |
| </div> | |
| <div class="olist arabic"> | |
| <ol class="arabic"> | |
| <li> | |
| <p>Health and safety</p> | |
| </li> | |
| <li> | |
| <p>Critical controls on systems which are relied upon for the trustworthy exchange of identity/trust data between TI services' participants/connectors and which utilize TI services for facilitation of this data exchange</p> | |
| </li> | |
| <li> | |
| <p>Ability of TI or one or more of its participants to provide services or conduct business via TI services</p> | |
| </li> | |
| <li> | |
| <p>Anything deemed an emergency by virtue of related governing policies or the CSIRT Executive Sponsor</p> | |
| </li> | |
| </ol> | |
| </div> | |
| <div class="paragraph"> | |
| <p>Events that are “Escalation” or “Emergency” in nature should be acted upon by the Incident Lead in coordination with the incident handling team according to the Incident Handling Actions Matrix in the next section. Events that are “Normal” will be handed off to the relevant party for further handling.</p> | |
| </div> | |
| </div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_communications">Communications</h3> | |
| <div class="paragraph"> | |
| <p>Communication of an incident is a critical step in the response plan, to be formulated in accordance with the matrix below. It is important that a communication plan be designed in a way that does not disclose information about an incident to an inappropriate audience. In many cases it is also important to let TI services' particpant/connector stakeholders know about an incident in a timely manner based on their need to know and need to share indicators of compromise. At a minimum, for an Escalation or Emergency-level Incident, an after-action review will be prepared at the request of Counsel. The review will include root cause analysis and remediation steps, and should be conducted by the Incident Lead, and a report should be prepared which may be shared with appropriate audiences.</p> | |
| </div> | |
| <div class="paragraph"> | |
| <p>A designated communication representative should be named as part of each Escalation or Emergency-level incident. This person will provide needed input to a decisionmaking process about what information to share with which audiences, and in particular, what information may be shared outside of Internet2 and the CSIRT, when, via what channels, and in what format. The Executive Sponsor will have ultimate authority for decisionmaking about the release of information, in consultation with the Incident Lead.</p> | |
| </div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_traffic_light_protocol_for_exchange_of_information">Traffic Light Protocol for Exchange of Information</h3> | |
| <div class="paragraph"> | |
| <p>For the purposes of communications with the CSIRT and with external parties during the handling of an active incident (and for further information sharing with other parties after the incident), the Traffic Light Protocol [3] must be used as a way to identify, label, and ensure compliance with scoping of the information shared. The Incident Lead, Executive Sponsor and Communications Representative are primarily responsible for assigning TLP categories to information to be shared, although there are times when other members of the CSIRT and external parties will need to make an assessment about TLP categories and label information they are sharing. When there is uncertainty on the part of a party responsible for classification on the proper classification of a communication item, the party should verify with the CSIRT or incident handling team. Generally, the originator of new information will need to appropriately initially label that information.</p> | |
| </div> | |
| <table class="tableblock frame-all grid-all stretch"> | |
| <colgroup> | |
| <col style="width: 33.3333%;"> | |
| <col style="width: 33.3333%;"> | |
| <col style="width: 33.3334%;"> | |
| </colgroup> | |
| <thead> | |
| <tr> | |
| <th class="tableblock halign-left valign-top"><strong>Color</strong></th> | |
| <th class="tableblock halign-left valign-top"><strong>When should it be used?</strong></th> | |
| <th class="tableblock halign-left valign-top"><strong>How may it be shared?</strong></th> | |
| </tr> | |
| </thead> | |
| <tbody> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock"><span class="red"><strong>RED</strong></span></p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Sources may use TLP: RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused.</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Recipients may not share TLP: RED information with any parties outside of the specific exchange, meeting, or conversation in which it is originally disclosed.</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock"><span class="yellow"><strong>AMBER</strong></span></p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Sources may use TLP: AMBER when information requires support to be effectively acted upon, but carries risks to privacy, reputation, or operations if shared outside of the organizations involved.</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Recipients may only share TLP: AMBER information with members of their own organization who need to know, and only as widely as necessary to act on that information.</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock"><span class="green"><strong>GREEN</strong></span></p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Sources may use TLP: GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Recipients may share TLP: GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels.</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock"><strong>WHITE</strong></p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Sources may use TLP: WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">TLP: WHITE information may be distributed without restriction, subject to copyright controls.</p></td> | |
| </tr> | |
| </tbody> | |
| </table> | |
| <div class="paragraph"> | |
| <p><em>Reference: TLP levels matrix, from US-CERT [4]</em></p> | |
| </div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_incident_handling_actions_matrix">Incident Handling Actions Matrix</h3> | |
| <div class="paragraph"> | |
| <p>This matrix is intended as a generalized guide for the broad steps required in the classification and handling of security-related events. The matrix below is partially derived from information available from EDUCAUSE [2]</p> | |
| </div> | |
| <div class="paragraph"> | |
| <p>All information known by Internet2 relating to the security incident, including, as applicable, log files and other digital evidence, will be retained for 7 years.</p> | |
| </div> | |
| <table class="tableblock frame-all grid-all stretch"> | |
| <colgroup> | |
| <col style="width: 25%;"> | |
| <col style="width: 25%;"> | |
| <col style="width: 25%;"> | |
| <col style="width: 25%;"> | |
| </colgroup> | |
| <thead> | |
| <tr> | |
| <th class="tableblock halign-left valign-top"></th> | |
| <th class="tableblock halign-left valign-top">Normal</th> | |
| <th class="tableblock halign-left valign-top">Escalation</th> | |
| <th class="tableblock halign-left valign-top">Emergency</th> | |
| </tr> | |
| </thead> | |
| <tbody> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Gather incident facts and prepare Initial Assessment of Situation and send to CSIRT</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Contact the Legal representative and begin preparing all material at the request of Counsel</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Determine whether Protected Identity Information or Protected Health Information is involved</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Legal Representative determine whether to notify insurance carrier</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Contact Executive Sponsor</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Convene CSIRT Members on established realtime communication channel</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Deliver initial assessment to CSIRT team via secure channel</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Re-Assess Nature, Scope and Criticality in conference</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">If re-assessment leads to a demotion to “Normal” criticality, document and delegate further handling to non-CSIRT team(s).</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">If re-assessment supports original or higher assessed criticality execute further steps in the table.</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">If re-assessment supports original assessed criticality execute further steps in the table.</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Lead determine whether external help is required, if so, request Exec to engage appropriate help</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Lead determine initial remediation steps, distribute to CSIRT team via secure channel</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Executive determine whether or not to involve other needed representatives or resources</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">CSIRT team conference and agree on remediation steps, timeline, dependencies, and <em>initial</em> notification requirements. These decisions are documented by the Lead or designee.</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">CSIRT team engage relevant actors using Traffic Light Protocol, to act on remediation plan, ensuring discretion on the part of needed actors</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">CSIRT and action team act on plan</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">CSIRT team evaluate post-action situation and develop initial report to Executive</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">Executive conferences with CSIRT team and determines need for further measures, next steps, and reporting requirements, including complying with all applicable laws and regulations. These decisions are documented by the Lead or designee.</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">CSIRT team and executive act on any needed next steps and reporting requirements</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| <tr> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">CSIRT team conducts an after-action review as part of security continuous improvement process. These decisions are documented by the Lead or designee.</p></td> | |
| <td class="tableblock halign-left valign-top"></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| <td class="tableblock halign-left valign-top"><p class="tableblock">X</p></td> | |
| </tr> | |
| </tbody> | |
| </table> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_appendix_a_references">Appendix A: References</h3> | |
| <div class="paragraph"> | |
| <p>[2] West Brown, Stikvoort, Kossakowski, Killcrece, Ruefle, Zajicek. Handbook for Computer Security Incident Response Teams (CSIRTs) April, 2003. Carnegie-Mellon University Software Engineering Institute, <a href="http://resources.sei.cmu.edu/library/asset-view.cfm?assetID=6305">CMU/SEI-2003-HB-002</a></p> | |
| </div> | |
| <div class="paragraph"> | |
| <p>[3] EDUCAUSE, <a href="https://spaces.internet2.edu/display/2014infosecurityguide/Incident+Checklist">Sensitive Data Exposure Checklist v1.1</a></p> | |
| </div> | |
| <div class="paragraph"> | |
| <p>[4] US-CERT, <a href="https://www.us-cert.gov/tlp">Traffic Light Protocol</a></p> | |
| </div> | |
| <div class="paragraph"> | |
| <p>[5 | |
| ] NIST SP800-61, <a href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf">Computer Security Incident Handling Guide</a></p> | |
| </div> | |
| </div> | |
| <div class="sect2"> | |
| <h3 id="_appendix_b_acknowledgements">Appendix B: Acknowledgements</h3> | |
| <div class="paragraph"> | |
| <p>Thanks to the following individuals and groups for their contributions to this document:</p> | |
| </div> | |
| <div class="paragraph"> | |
| <p>Kim Milford, REN-ISAC<br> | |
| Thomas Barton, The University of Chicago<br> | |
| Jane Drews, The University of Iowa<br> | |
| InCommon Technical Advisory Committee<br> | |
| InCommon Steering Committee<br> | |
| REN-ISAC<br> | |
| Big Ten Academic Alliance CISOs<br> | |
| EDUCAUSE<br> | |
| Internet2 and InCommon Staff<br> | |
| Internet2 General Counsel<br> | |
| Internet2 TIER Security and Audit Working Group</p> | |
| </div> | |
| </div> | |
| </div> | |
| </div> | |
| </div> | |
| <div id="footer"> | |
| <div id="footer-text"> | |
| Last updated 2020-02-17 14:29:12 -0700 | |
| </div> | |
| </div> | |
| </body> | |
| </html> |