<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link rel="stylesheet" href="/style.css" type="text/css" /> <script type="text/javascript" src="/jquery.min.js"></script> <title>CERN Computer Security Information</title> <script type="text/javascript"> $(document).ready(function(){ // Menu highlight var path = location.pathname.split("/"); if ( path ) { $('#main_menu a[href*="' + path[1] + '"][class!="noselect"]').addClass('selected'); // path[3] = /security/<xxxxx>/ $('#sidebar ul.sidemenu li[class!="noselect"]:has(a[href$="' + path.reverse()[0] + '"])').addClass('selected'); } // Add icon to external links $('a[id!=logo-img]').filter(function() { return this.hostname && this.hostname !== location.hostname; }).after(' <img src="/images/external_link.png" alt="external link" title="external link"/>'); }); </script> </head> <body> <div id="wrap"> <div id="top-bg"></div> <!--header --> <div id="header"> <div id="logo-text"> <a id="logo-img" href="https://home.cern/"><img src="/images/CERNLogo2.png" width="59" height="59" style="margin: 10px" alt="CERN Logo"/></a><div id="logo-text-big"><a href="/home/en/index.shtml" title="">CERN Computer Security</a></div> </div> <div id="header-logo"><a href="/services/en/emergency.shtml"><img width=335 src="/images/emergency.png" alt="Computer Emergencies"/></a></div> </div> <!--header ends--> <div id="header-photo"></div> <!-- navigation starts--> <div id="nav"> <ul id="main_menu"> <li><a class="noselect" href="/home/fr/index.shtml"><img src="/images/fr.png" alt="FR"/></a></li> <li><a href="/home/en/index.shtml">Home</a></li> <li><a href="/rules/en/index.shtml">Computing Rules</a></li> <li><a href="/recommendations/en/index.shtml">Recommendations</a></li> <li><a href="/training/en/index.shtml">Training</a></li> <li><a 
href="/services/en/index.shtml">Services</a></li> <li><a class="secured" href="/reports/en/index.shtml">Reports & Presentations</a></li> </ul> </div> <!-- navigation ends--> <!-- content-wrap starts --> <div id="content-wrap"> <div id="main"> <div> <div> <h2>Data Sharing Guidelines (DSG)</h2> <em class="titledate">updated 2024/04/23 by the Computer Security Team</em> </div> </div> <h4>Introduction</h4> <p>This document outlines the recommended practices for sharing sensitive data with CERN, so that all shared information remains confidential and secure.</p> <h4>Confidentiality and Information Handling</h4> <p>The recommended approach for sharing Indicators of Compromise (IOCs) is through the <a href="https://www.misp-project.org/">Malware Information Sharing Platform (MISP)</a>. If access to MISP is unavailable, or if the information to be shared contains sensitive data beyond IOCs, it is advised to use email encrypted with PGP (Pretty Good Privacy). This ensures that all shared information remains confidential and secure. You can find the CERN contact details in the <a href="https://security.web.cern.ch/home/en/csirt.shtml">"How to contact the Computer Security Team" section</a>.</p> <p>In situations where PGP or other communication encryption is not possible, or if the information is classified higher than TLP:WHITE, follow the communication measures below:</p> <ul> <li><strong>Password-Protected Files:</strong> Encrypt the documents by setting a strong password. Distribute the password through a different channel. You can also use commercial solutions (Adobe Acrobat, 7-Zip, …) or the terminal (zip -e, gpg -c, openssl, ...). 
</li> <li><strong>Cloud Services with Encryption:</strong> To share larger files or folders securely, you can use CERNBox using a dedicated upload folder or commercial solutions (Dropbox, OneDrive, …) that support the sharing of encrypted data.</li> </ul> <p>Please ensure that any sensitive information shared complies with the <a href="https://cert.ssi.gouv.fr/csirt/sharing-policy/">TLP and PAP policies and guidelines</a>. For more assistance or information on encrypting and sharing sensitive data, please contact our security team.</p> <h4>Important Incident Attributes</h4> <p>The following attributes are key for understanding the security incident and aiding in the analysis and subsequent mitigation strategies. It is important that reports are detailed and contain contextual information to enable effective incident handling and response.</p> <ul> <li>TLP and PAP</li> <li>Incident date and time</li> <li>Actions taken</li> <li>Type of observed activity</li> <li>Detailed narrative of the event</li> <li>Severity/impact of the incident</li> <li>Organization name and contact details</li> <li>Number and type of systems affected</li> <li>People informed</li> <li>Resources available to handle the incident</li> <li>List of Indicators of Compromise</li> </ul> <h4>Types of Activities to Report</h4> <p>1. Security Incidents</p> <p>2. Data Compromise</p> <ul> <li>Compromised Accounts: Notify us if accounts have been hacked or leaked.</li> <li>Exploits: Report any software vulnerabilities that are being actively exploited.</li> <li>Unauthorized Access: Inform us about any incidents where unauthorized individuals have accessed systems or data.</li> </ul> <p>3. Malware</p> <ul> <li>Malware Samples: Provide samples or detailed descriptions of any malicious software discovered.</li> </ul> <p>4. 
Malicious Network Indicators</p> <ul> <li>Domains: Report any suspicious or confirmed malicious domain names.</li> <li>IP Addresses: Inform us about suspicious or known malicious IPs.</li> <li>URLs: Report full or partial URLs leading to malicious content.</li> <li>Network Captures (pcap): Provide packet captures that demonstrate malicious network activity.</li> </ul> <p>5. Email Threats</p> <ul> <li>Phishing Attempts: Notify us of emails that attempt to steal personal or sensitive information.</li> <li>Spear-Phishing Attacks: Report targeted email attacks aimed at specific individuals or organizations within CERN.</li> <li>Email Spoofing: Alert us to emails that appear to be from legitimate sources but are fraudulent.</li> </ul> <h4>Reporting Resources</h4> <p>For a structured format to report these incidents, please use the provided <a href="https://gitlab.cern.ch/ComputerSecurity/public/forensics/-/blob/master/templates/email_report.template">template email for reporting security incidents</a>. 
Check the <a href="https://gitlab.cern.ch/ComputerSecurity/public/forensics/-/blob/master/templates/email_report.example">example email for reporting security incidents</a> to see how to effectively use the template and report an incident.</p> </div> <!-- main ends --> <!-- SIDEBAR --> <!-- sidebar menu starts --> <div id="sidebar"> <ul class="sidemenu"> <li class="noselect"><b><a href="/home/fr/index.shtml"><img src="/images/fr.png"/> Vous préférez le français ?</a></b></li> </ul> <h3>Emergency Response</h3> <ul class="sidemenu"> <li><a href="/services/en/emergency.shtml">What to do in an emergency</a> </ul> <h3>Contact</h3> <ul class="sidemenu"> <li><a href="/home/en/csirt.shtml">How to contact the Computer Security Team</a> <li><a href="/home/en/cvd.shtml">Coordinated Vulnerability Disclosure</a> <li><a href="/home/en/CERN/liaisons.shtml">Departmental & experiment liaisons <img src="/images/bullet_lock.png" alt="CERN login required"/></a> </ul> <h3>About CERN Computer Security</h3> <ul class="sidemenu"> <li><a href="/advisories/advisories.shtml">Advisories</a></li> <li><a href="/home/en/data_sharing.shtml">Data Sharing Guidelines</a></li> <li><a href="/home/en/about.shtml">Security is not complete without you</a></li> <li><a href="/home/en/privacy_statement.shtml">Privacy Statement</a></li> <li><a href="/home/en/kudos.shtml">Kudos!</a></li> </ul> </div> <!-- sidebar menu ends --> <!-- content-wrap ends--> </div> <!-- footer starts --> <div id="footer-wrap"> <div id="footer-bottom"> © Copyright 2024<strong> <a href="https://cern.ch/security">CERN Computer Security Office</a></strong> <table> <tr> <td id="footer-info-left"> e-mail: <a href="mailto:Computer.Security@cern.ch">Computer.Security@cern.ch</a><br/> Please use the following PGP key to encrypt your messages:<br/> ID: 0x954CE234B4C6ED84<br/> <a href="https://keys.openpgp.org/vks/v1/by-fingerprint/429D60460EBE8006B04CDF02954CE234B4C6ED84">429D 6046 0EBE 8006 B04C DF02 954C E234 B4C6 ED84</a> </td> <td 
id="footer-info-right"> Phone: +41 22 767 0500<br/> Please listen to the recorded instructions. </td> </tr> </table> </div> </div> <!-- footer ends--> </div> <!-- wrap ends here --> <!--img height=30px src="/home/en/CERNfooter_800.png"--> </body> </html>
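The "Password-Protected Files" measure under "Confidentiality and Information Handling", shown as an added example that is not part of the CERN page or CERN tooling: it uses `openssl` (one of the terminal options the page lists), generates the passphrase, and checks the round trip before anything is sent. File names and the sample report are constructed, and the `-pbkdf2`/`-iter` options assume OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not CERN's tooling): password-protect a report with openssl.
set -eu

# Write a random passphrase (24 random bytes, base64) to $1, owner-readable only.
make_passphrase() {
    ( umask 077; openssl rand -base64 24 > "$1" )
}

# Encrypt $1 into $2 with AES-256-CBC, key derived by PBKDF2 from passphrase file $3.
# Reading the passphrase from a file keeps it out of the process list and shell history.
encrypt_file() {
    openssl enc -aes-256-cbc -pbkdf2 -iter 600000 -salt \
        -in "$1" -out "$2" -pass "file:$3"
}

# Decrypt $1 into $2 with the passphrase in file $3 (what the recipient runs).
decrypt_file() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 600000 \
        -in "$1" -out "$2" -pass "file:$3"
}

# Print the SHA-256 of $1. "openssl enc" adds no integrity check, so this value
# goes to the recipient together with the passphrase, over the second channel.
digest_of() {
    openssl dgst -sha256 -r "$1" | cut -d' ' -f1
}

# Encrypt, then prove the result decrypts to the original before it is sent.
# Prints the ciphertext digest on success; returns non-zero on any mismatch.
package_for_sharing() {   # $1 plaintext, $2 ciphertext, $3 passphrase file
    check=$(mktemp)
    make_passphrase "$3"
    encrypt_file "$1" "$2" "$3"
    decrypt_file "$2" "$check" "$3"
    if cmp -s "$1" "$check"; then rc=0; else rc=1; fi
    rm -f "$check"
    [ "$rc" -eq 0 ] && digest_of "$2"
}

# Constructed sample input; file names are hypothetical.
work=$(mktemp -d)
printf 'TLP:AMBER\nIncident date: 2024-01-01 (constructed sample)\n' > "$work/report.txt"
package_for_sharing "$work/report.txt" "$work/report.txt.enc" "$work/pass.txt"
rm -rf "$work"
```

Only the `.enc` file travels by email; the passphrase file contents and the printed digest go through the different channel the guideline asks for.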