Cybersecurity
Proper security is increasingly important because of the growing dependence on ICT in education and research. SURF's ambition is to make institutions resilient against cybercriminals, among other things by helping them reach NBA maturity level 3.

Security communities: working together on security and privacy

SURF has two security communities: SCIPR and SCIRT. Information security officers and privacy officers work together in SCIPR (SURF Community for Information Security and PRivacy). Technical, operational security specialists can go to SCIRT, the SURF Community of Incident Response Teams. Both communities work closely together.

About SCIPR

Information security and privacy officers in education work together in SCIPR (SURF Community for Information Security and PRivacy). Among other things, we jointly draw up policies and guidelines there to improve your institution's information security and privacy.

Professionalising information security

In the SCIPR community, we work together to improve professional information security and privacy. We are a community of practice and help you further professionalise information security by:

  • Improving common knowledge.
  • Developing policies and procedures on information security.
  • Making policies, procedures and best practices available via guidance documents.
  • Contributing to the development of SURFaudit. This is the measuring instrument for the Higher Education Information Security Standards Framework.
  • Helping to develop guidelines and advice to help you comply with the changing privacy legislation.

Guidance and starter kits

We have recorded various best practices in models, guidance documents and starter kits.

Become a member

Would you like to become a member of SCIPR? Then send an email to lidmaatschap@scipr.nl.

About SCIRT

Operational security experts discuss current security challenges and exchange the latest tips & tricks with peers in SCIRT (SURF Community of Incident Response Teams). The aim is to raise the overall level of knowledge and experience within education and research.

Exchange tips & tricks on cybersecurity threats

In our forum, we discuss and analyse the latest cybersecurity threats. We discuss ideas, tips and tricks to successfully ward off the threats from multiple perspectives. We mainly focus on operational security and security incident management (CERT/CSIRT).

Knowledge exchange in multiple ways

We exchange knowledge with each other in various ways:

  • digitally, for example via e-mail, a dedicated wiki and secure messaging
  • at meetings where you get to know each other and exchange knowledge in an accessible and familiar way
  • during workshops, for example in the field of new cyber security techniques or tools
  • at the annual two-day Security and Privacy Conference, which is organised jointly by SCIRT, the SCIPR community and SURFcert.

Meetings and workshops are organised at least 3 times a year.

Exchange of information within SCIRT via Traffic Light Protocol (TLP)

How confidential is the information? Say it with colours

The Traffic Light Protocol (TLP) is a simple protocol used by cybersecurity professionals to indicate with colours how confidential a specific information exchange is. Everyone then knows how that information should be handled. It is crucial that everyone in the community attaches the same meaning to the 4 TLP colours: TLP:RED, TLP:AMBER, TLP:GREEN and TLP:WHITE.

Meaning of the TLP colours

A basic tenet of using TLP is that only the provider of information is "in charge" of what recipients may do with it. Thus, recipients who are in doubt or wish to distribute more widely should always seek permission from the provider first.

TLP:RED

  • "For your eyes and ears only"
  • The information is exchanged on a strictly confidential basis and is intended only for its direct recipients.
  • The recipient may not distribute TLP:RED information further.
  • Only the provider of the information can determine when, and under what conditions, the information can be further disseminated.

TLP:AMBER

  • The information is exchanged on a confidential basis and is intended for its recipients, but they may also share it with colleagues within their own organisation if there is a good reason to do so (need to know), e.g. to solve a security problem.
  • A recipient of TLP:AMBER information who passes it on to colleagues must explain to these colleagues that they are not allowed to disseminate the information further (in effect, the information then becomes TLP:RED for them).

TLP:GREEN

  • The information is not public but may, within reason, be shared within its own community.
  • So TLP:GREEN information may, for example, be shared within one's own institution, as long as it does not become public.

TLP:WHITE

  • This is basically public information that may be freely shared.
  • Note that original rights and obligations, such as copyrights, of course still apply.

Collaboration of security experts

SCIRT's main goal is to bring together knowledge from all security experts from SURF member institutions. We are a working group for, but also by, the community. You can already join SCIRT if you do CSIRT-related work within your institution, even if you have not yet organised that into a CSIRT.

Read more about setting up your own CSIRT on the SURFcert wiki

Become a member

Joining SCIRT is only possible with an e-mail address from a SURF member institution and if you work as an operational security expert. Because sensitive information is regularly shared within the SCIRT community, we have a code of conduct and an application procedure. If you are interested, we will be happy to inform you further about this. Send an e-mail to: lidmaatschap@scirt.nl.

Organisation of the SCIRT community

The current, elected chairman is Ewald Beekman (voorzitter@scirt.nl), IT Security Officer at Amsterdam UMC. Don Stikvoort (secretaris@scirt.nl) is the secretary. Rogier Spoor (surf@scirt.nl) guides and supports the SCIRT community from SURF.

A programme group prepares the substantive programme components. It consists of:

  • Ewald Beekman - Amsterdam UMC
  • Bauke Gehem - Summa College
  • Lars Hameeteman - ErasmusMC
  • Remon Klein Tank - WUR
  • Rogier Spoor - SURF
  • Don Stikvoort - Open CSIRT Foundation (external)

STITCH: a short checklist for application security

It is increasingly important that software and services meet security requirements. But how do you choose among all those different lists and guidance documents? SCIRT, the cybersecurity community, therefore developed a simplified checklist: the Security Technical IT Checklist (STITCH).

1 simple security checklist for higher education and research

Every security officer at an institution knows the problem: when is a new service or software secure? With ISO27001, you mainly look at procedural and organisational security. But you also want to practically test technical security. And couldn't that be simpler? Hasn't a fellow institution already done the same? To provide better insight into these kinds of questions, SCIRT made a simple checklist: the STITCH.

STITCH principles

The principle of STITCH is simple: it is a ground rule with a limited number of requirements. You measure these requirements easily, and the results are shared within SCIRT. Security officers use these basic principles to determine the security of a service or software much more quickly and easily. STITCH consists of 8 principles, with detailed examples.

Take a look at STITCH

Sharing results

Detailed test results are shared confidentially and only within the SCIRT community. For more information, see the wiki of SCIRT (login required).