-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 CSIRT Description for WienCERT 1. About this document 1.1 Date of Last Update Version 1.6, Date: May 31, 2022 1.2 Locations where this document may be found The current version of this CSIRT description document is available from the WienCERT Website: www.wiencert.at The URL of the Document is: https://www.wiencert.at/txt/rfc2350.txt Please make sure you are using the latest version. 2. Contact Information 2.1 Name of the Team WienCERT: The Computer Emergency Response Team of the Municipal Council of the City of Vienna, 2.2 Address City of Vienna MD 01 - Wien Digital Security and Compliance / WienCERT Stadlauer Strasse 54 and 56 1220 Vienna AUSTRIA 2.3 Time Zone Central Europe Time (UTC+0100, UTC+0200 from last Sunday in March to last Sunday in October) 2.4 Telephone Number +43 1 4000 71112 2.5 Facsimile Number +43 1 2803460 2.6 Other Telecommunication None. 2.7 Electronic Mail Address cert(at)wien.gv.at 2.8 Public Keys and Encryption Information The WienCERT communication Key is available via keyservers and on WienCERT Website: www.wiencert.at pub rsa4096 2019-05-17 [expires: 2024-06-03] E8BAC82141E41CDFA07EE4406838E3A0D07B16FE uid WienCERT (WienCERT communication key) Encrypted communications with WienCERT should use this - and only this - operational key. The key can be found at: https://www.wiencert.at/asc/pgpkeys.asc. Since the team key expire regularly, WienCERT will always sign younger keys with the older keys as well. See also the key transition document at: https://www.wiencert.at/txt/key-transition-2019.txt. 2.9 Team Members WienCERT's Team Chair is Martin Fellhofer. Management and supervision are provided by Wolfgang Steiner, Head of Security and Compliance, MA 01 Wien Digital. 2.10 Other Information General information about the WienCERT can be found at: www.wiencert.at 2.11 Points of Customer Contact WienCERT's e-mail address is cert(at)wien.gv.at. Mail sent to this address will be stored in our trouble ticket system and will be taken care of by the duty team as soon as possible. This is the preferred way for reporting incidents. If it is not possible to use e-mail, the WienCERT can be reached during regular office hours by phone (cf. 2.4) or by fax (cf.2.5) WienCERT's hours of operation are our regular business hours (08:00-16:00 Monday to Friday except legal holidays, Good Friday, December 24 and December 31) (08:00-12:00 Good Friday, December 24 and December 31) 3. Charter 3.1 Mission Statement The WienCERT is the contact for technical issues in ICT security of the Municipal Council of the City of Vienna. The aim of the WienCERT is the elimination of security issues affecting the Municipal Council of the City of Vienna. 3.2 Constituency WienCERT's constituency is the Municipal Council of the City of Vienna. The services of the WienCERT limited to the City of Vienna. Note that usually no direct support will be given to other organisations or end users. With the exception of the activities associated with the Austrian CERT-Verbund. 3.3 Sponsorship and/or Affiliation WienCERT is located at ICT department of the Municipal Council of the City of Vienna (MA 01 - Wien Digital) 3.4 Authority The main purpose of WienCERT is internal security and incident issues. The WienCERT has authority over Institutions and domains related to the Municipal Council of the City of Vienna. 4. Policies 4.1 Types of Incidents and Level of Support WienCERT is authorized to address all types of computer security incidents which occur, or threaten to occur, in our constituency (cf. 3.2) 4.2 Co-operation, Interaction and Disclosure of Information The WienCERT cooperates at national level (CERT.at, GovCERT.at, CERT-Verbund Österreich) and at international level (for example, ICS-CERT, TF-CSIRT) with other CERTs. 4.3 Communication and Authentication For normal communication not containing sensitive information WienCERT will use conventional methods like unencrypted e-mail or fax. For secure communication PGP-Encrypted e-mail will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, ACOnet customers) or by other methods like call-back, mail-back or even face-to-face meeting if necessary. 5. Services 5.1 Incident Response WienCERT coordinates incident prevention, handling and response within its constituency. 5.1.1. Incident Triage - - determine wether an incident is authentic. - - determine the applications or departments involved 5.1.2. Incident Coordination - - Contact the department(s) involved and ask them to investigate the incident and to take the appropriate steps. - - Notify other departments if appropriate. 5.1.3. Incident Resolution - - Assure the incident is handled properly by the affected department(s). Ask for feedback. - - If necessary take appropriate steps within the Network of the City of Vienna (e.g. block ports, disconnect sites, etc. ) WienCERT collects statistics about incidents within its constituency. 5.2 Proactive Activities WienCERT provides the following proactive services: - - Information services - - Database of Security Contacts - - raise security awareness in its constituency - - Blog to inform the Constituency of important issues. 6. Incident Reporting Forms There are no local forms in use. 7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, WienCERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained therein. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (GNU/Linux) iQIcBAEBCgAGBQJc7QqQAAoJEGg446DQexb+ZF0QALGP9+9lj4lBcSpgw65FoZ1o vB/ypY10UxExaBwpAGx8opW+jjxrqcgxsvMfJN3H9nN0H0MtTITy30FqBFv9yz+x 03QAyTfr4+h+YvTsIWvnu55+PQRJTe40sWWOOYLOEOSLGSfmhIMLp8QCbaCDoaMS qb1BgyEp8FI6E5fHwI+gM2qy2THmpDbSQNxiH6p503Z37NK/EAZXaLxABygArUKH h/Cgd8ZCUAHsPgct+H8z2Ww/hNXMDtfIoMkGMDYaafI8XutzjxYuBBp2d9nyO9Oi HW3MLcs80gMce8kxP+fmI0eEWLLZl9HzkbFpntwgzR4TGIP+LN8OxenshBBNRpO1 z/42lfmX4HH0sfGRjIZVE8hXbo8WYgRScq8Cv/sAN2p8h4GZAhGjcoO3vb5B7avc FOy3vA4l9xVxAz54oTVZ04KycMG4/4yVbDAs3ObxAUfY1pbInp6UKCZwVdtsCh+r U8kRtpfqH3B35IJjXCH512NOn8MQGOBvwIPtTx0j4UBEmgkSz0HYIdMU+HetbWrJ SiiqHbJZnS2XEcqFR+SVwugRrTrqj9JlX3YoSPYNTgKm/1n9iCBRLxYlaoTlD3Rg VIapxKssYpsY7ICOPpv0kLhnSJ9syUXjgkXyFR8RwUPzMEkhQMujAE4U0X2y0E05 J2LdBmNIJSlxtSb0F68y =IiV7 -----END PGP SIGNATURE-----