RFC 2350 (BCP 21)
Description of University of Oxford Computer Emergency Response Team (OxCERT)
1: Introduction
This is the RFC 2350 for the University of OxCERT Computer Emergency Response Team (OxCERT).
2: Scope
<section intentionally blank>
3: Information, Policies and Procedures
3.1: Obtaining the Document
Date of last update:
2019-03-14
Locations where this Document May Be Found:
https://www.infosec.ox.ac.uk/rfc2350
3.2: Contact Information
Full Name:
University of Oxford Computer Emergency Response Team
Short Name:
OxCERT
Mailing address:
University of Oxford Information Security
OxCERT
16 Wellington Square
OX1 2HY Oxford
United Kingdom
Timezone:
GMT/UTC (GMT/UTC+0100 in Summer Time)
Telephone Number:
+44 1865 282222 (OxCERT) (Primary Contact)
+44 1865 612345 (IT Services Service Desk) (Secondary Contact)
Electronic Mail Address:
oxcert [AT] infosec . ox . ac . uk
Public keys and encryption:
For confidential email correspondence please use GnuPG encrypting to
OxCERT's current public key
ID: 0x5F8868AF
Fingerprint: A8E1 FD4B 9770 C77A 75F0 5273 CE28 F2F2 5F88 68AF
Operating Hours:
Emails are monitored on working days in England (UK), 9.00 to 17.00
3.3: Charter
3.3.1: Mission Statement
The main areas of responsibility of OxCERT are:
* Detection, response, and prevention of information security incidents
that are within the University of Oxford.
* Serving as a single point of contact for third party incident
response teams (CERTs/CSIRTs).
* Co-ordinating the response in case of incident escalation.
3.3.2: Constituency
IT infrastructure and services located on the University of Oxford's
data network.
ASNs: 786
Domains: *.ox.ac.uk
IP ranges:
2001:630:440::/44
163.1.0.0/16
129.67.0.0/16
192.76.6.0/23
192.76.8.0/21
192.76.16.0/20
192.76.32.0/22
3.3.3: Sponsoring Organization / Affiliation
OxCERT is the central computer security function for the University of
Oxford.
3.3.4: Authority
OxCERT has the authority to act on all incidents that cause, or could
cause, detriment to the confidentiality, integrity and availability of
University of Oxford ICT and information assets.
3.4: Policies
OxCERT works closely with UK and EU institutions & law enforcement
agencies. All relevant UK Data Protection Laws apply. In the case of
criminal action, these will be reported to the appropriate authorities.
3.5: Services
Incident response
Incident triage
Incident coordination
Incident prevention
Intrusion detection
Alerts & warnings
Vulnerability scanning
Information security education, training, and awareness building
Security consulting to members of the University
3.6: Incident Reporting Forms
Incident reporting forms are not used.
3.7: Disclaimers
This document is provided on an "as is" basis and does not imply any
kind of guarantee of service provided by the University of Oxford.
While every precaution will be taken in preparation & dissemination of
information and security alerts, OxCERT assumes no responsibility to
external (Non-University of Oxford organisations and users) for errors,
omissions, or for damages resulting from the use of the information
provided within this document or our security communications.
