CSIRT Description for AlgoCERT
-----------------------------

   1. About this document

   1.1 Date of last update

        This document was first published on May 17th, 2016.
        No updates have been made so far.

   1.2 Distribution list for notifications

        None available.

   1.3 Locations where this document may be found

        This document can be found at https://www.algosecure.fr/cert/rfc2350-en.txt
        A French version can be found at https://www.algosecure.fr/cert/rfc2350-fr.txt

   1.4 Authenticating this document

        Both the English and French versions of this document have
        been signed with AlgoCERT's PGP key. The signatures are
        available on our Web site, under:
          https://www.algosecure.fr/cert/rfc2350-en.sig
          https://www.algosecure.fr/cert/rfc2350-fr.sig

   2. Contact Information

   2.1 Name of the team

        AlgoCERT: the AlgoSecure Computer Emergency Response Team.

   2.2 Address

        AlgoSecure
        57 Boulevard Vivier Merle
        69003 Lyon
        FRANCE

   2.3 Time Zone

        Europe/Paris (UTC +1, and UTC +2 from April to October)

   2.4 Telephone Number

        +33 4 26 78 24 86

   2.5 Facsimile number

        None available.

   2.6 Other telecommunication

        None available.

   2.7 Electronic mail address

        You can write to us directly at cert@algosecure.fr.

   2.8 Public keys and other encryption information

        AlgoCERT has a PGP key, whose ID is 0x801E05B0
        and whose fingerprint is FA89 A8BF ABB9 66BF FC42 CE24 7F35 4DCB 801E 05B0.
        The key and its signatures can be found on the usual large public keyservers.

   2.9 Team members

        Team members: the team consists of five security experts.

   2.10 Other information

        Operating hours are 09:00-12:00 and 14:00-17:00 CET, Monday to Friday.

   2.11 Points of customer contact

        The preferred method of communication is the web form
        available at: https://www.algosecure.fr/cert/
        Please use this form first so that we have the basic information
        needed to start working on your emergency. AlgoCERT can also be reached
        by email and by telephone during regular office hours.

   3. Charter

   3.1 Mission Statement

        AlgoCERT is a private computer emergency response team for the private sector,
        communes and non-governmental entities. It is operated by AlgoSecure,
        a team of experts in computer security, system and network administration
        based in Lyon, France. AlgoSecure combines performance and humanism
        to help organizations improve the security level of their information systems
        as well as the security awareness of their employees.

        Its missions are to:
          - support companies when they experience computer security incidents
          - gather intelligence from incidents
          - help organizations assess and improve their security level
          - inform its clients when vulnerabilities related to their products are released
          - provide resources to train users in computer security
          - exchange information and cooperate with other CSIRTs/CERTs

   3.2 Constituency

        The constituency of AlgoCERT consists of public and private organizations.

   3.3 Sponsorship and/or affiliation

        AlgoCERT is operated by AlgoSecure, a French company
        specialized in computer security based in Lyon, France.

   3.4 Authority

        AlgoCERT does not function under any authority.

   4. Policies

   4.1 Types of Incidents and Level of Support

        AlgoCERT can address all types of computer security incidents which occur
        in its constituency networks, except for DDoS attacks.
        The level of support provided will depend on the severity of the incident,
        the human and technical resources of AlgoSecure available at the time,
        and the information provided when declaring an incident.

        Note that no direct support will be given to end users; they are expected
        to contact their system administrator, network administrator,
        or department head for assistance. AlgoCERT will support the latter.

        AlgoCERT cannot train system or network administrators on the fly,
        and it cannot perform system maintenance on their behalf.
        In most cases, AlgoCERT will provide pointers to the information needed
        to implement appropriate measures.

        AlgoCERT is committed to keeping its paid customers informed
        of potential vulnerabilities, and where possible, will inform this community
        of such vulnerabilities before they are actively exploited.

   4.2 Co-operation, Interaction and Disclosure of Information

        AlgoCERT is willing to share technical data with other CSIRTs
        as well as with affected parties' administrators.
        However, this information sharing will not disclose any personal or sensitive information.
        Sensitive information that will not be shared may include: name of the company
        that reported incidents, contact information of the person who declared the incident,
        public IP addresses of the affected systems, etc.

        Exchanges of sensitive information will be made in a secure manner using PGP,
        encrypted volumes, and/or any other secure means of communication.

   4.3 Communication and Authentication

        You can contact us by phone or unencrypted email to discuss non-sensitive issues.
        If you wish to send us sensitive information,
        data should be encrypted using our aforementioned PGP key.
        Data can also be stored in an encrypted volume or a password-protected ZIP file.
        Passwords can be transmitted by encrypted emails (using our PGP key) or by phone.

   5. Services

    AlgoCERT provides proactive services in order to anticipate and prevent security incidents.
    It also provides reactive services, in which we assist
    system and network administrators in dealing with security incidents
    that occur within the information system of their company.

   5.1 Incident Response

        The incident response process will follow these phases:
          - triage: we will collect any evidence of the incident and check whether
            it is really a security incident that we can act on
          - study: we will investigate the incident (source, causes, timeline...)
            and look for solutions
          - resolution: we will help system/network administrators and/or developers
            remove the vulnerability or threat and try to recover potentially lost data
          - evaluation: we will write a report about the circumstances of the incident
            and what we did to help recover from it, and finally assess the service
            we provided to our customers in order to further improve it.

   5.2 Proactive Activities

        In order to prevent incidents from happening, or at least reduce
        the probability of them happening, we can audit your information system
        in order to detect vulnerabilities and try to exploit them.
        We can then explain to you what risks you are facing within your company
        and help you reduce them.

        We can deploy a monitoring service within your infrastructure
        in order to detect any abnormalities within your information system.
        We can also integrate security equipment such as firewalls,
        SIEM, IPS and IDS within your information system to anticipate
        and mitigate security incidents.

        AlgoCERT also offers a warning service about recently published vulnerabilities
        specific to the products that you use within your information system,
        so that you can be aware of vulnerabilities, the potential public exploits and patches.

        Finally, we provide training services to better educate your users
        about computer security. We can either go to your facilities and speak directly
        with the users, or send you documents that we have made (such as slideshows,
        tutorials about products, posters, etc.) that you can then edit
        and present yourself to your users.

        Detailed descriptions of the aforementioned services can be found on our website.

   6. Incident Reporting Forms

     When declaring an incident, we kindly ask you to use the form
     available at https://www.algosecure.fr/cert/
     Feel free to include as much information as possible regarding the incident.
     That way, we can properly start researching and investigating the incident.
     You can also contact us using the contact information detailed in section 2 of this document.

   7. Disclaimers

     While every precaution will be taken in the preparation of information,
     notifications and alerts, AlgoCERT assumes no responsibility
     for errors or omissions, or for damages resulting from the use
     of the information contained within.