1. Information about this document
This document describes the computer security incident response service of the Portucalense University according to RFC 2350.
1.1 Last updated
2026/01/19 (yyyy/mm/dd)

1.2 Distribution list for notifications
There is no distribution channel to notify changes to this document.
Updates to this document will be visible in the place specified in the article 1.3.

1.3 Access to this document
The updated version of this document is available at https://www.upt.pt/csirt/rfc2350-en.txt
The Portuguese language version is available at https://www.upt.pt/csirt/rfc2350-pt.txt

1.4 Authenticity of this document
Both the Portuguese and English versions of this document have been signed with the CSIRT-UPT's PGP key.
The signatures are also on our website, under:
https://www.upt.pt/csirt/rfc2350-en.txt.asc
https://www.upt.pt/csirt/rfc2350-pt.txt.asc

2. Contact information
2.1 Name of the team
UPT-CSIRT

2.2 Address
Portucalense University I-D.H.
Rua Dr. António Bernardino de Almeida, 541
4200-072 Porto
Portugal

2.3 Time zone
Portugal/WEST (GMT+0, GMT+1 in day-light saving time)

2.4 Telephone number
+351 225 572 000

2.5 Facsimile number
None.

2.6 Other telecommunication
None.

2.7 Electronic mail address
Electronic mail address to notify about computer security information incidents:
csirt@upt.pt
Electronic mail address for IT support:
helpdesk@upt.pt
Electronic mail address for other issues:
info@upt.pt

2.8 Public keys and encryption information
PGP Key ID: 632C31E9
PGP Fingerprint: 9ECA 80BD FA33 6D2A 7E83  1516 FE78 C8F9 632C 31E9
The key is available at https://www.upt.pt/csirt/pgp-csirt.asc

2.9 Team members
Members: Paulo Almeida, José Soares

2.10 Other information
More information about UPT-CSIRT can be found at https://www.upt.pt/csirt/info

2.11 User contact means
The preferred method for contacting UPT-CSIRT is via e-mail as described in sections 2.7 using the template shown in section 6.
3. Charter
3.1 Mission statement
The purpose of UPT-CSIRT is to allow Portucalense University to coordinate security efforts and incident response for IT-security problems.

3.2 Constituency
UPT-CSIRT coordinates responses to cybersecurity incidents that involve any entity within Portucalense University, including devices belonging to a network or address allocated exclusively to Portucalense University.

3.3 Affiliation
UPT-CSIRT is a service of the Portucalense University. UPT-CSIRT keeps a close coordination with RCTS CERT (https://www.fccn.pt/seguranca/rcts-cert/).

3.4 Authority
UPT-CSIRT authority is defined by the DSI Director of Portucalense University.
UPT-CSIRT hopes to collaborate with the various IT departments of all university. In case of lack of answer in an acceptable time, and if the incident requires, restriction or blocking of connectivity may occur.

4. Policies
4.1 Incident types and support level
UPT-CSIRT handles all types of cybersecurity incidents, categorized in the following types:
a) Malicious code
b) Availability
c) Information Collection
d) Intrusion Attempt
e) Intrusion
f) Information security
g) Fraud
h) Abusive Content
i) Vulnerable
j) Other
The level of support given by UPT-CSIRT varies depending on the type, severity and scope of ongoing incidents and the resources available for its treatment.

4.2 Cooperation, interaction and privacy policy
UPT-CSIRT privacy policy and data protection establishes that sensitive information can be sent to third parties, only and exclusively on a real need basis, with the exception of judicial entities.
Information that is not confidential will be used for statistical ends, which can be disclosed to other entities.

4.3 Communication and authentication
For normal communication not containing sensitive information UPT-CSIRT, phone and non-ciphered e-mail are considered to be sufficient for non-sensitive information transmission. In order to transmit sensitive information, PGP usage is mandatory.

5. Services
5.1 Coordination of security incidents
UPT-CSIRT will coordinate a response to a security incident between the interested/affected parties. This coordination typically will involve the asset owner or the team responsible for the involved network segment. The handled incident can start by UPT-CSIRT initiative, for example a large-scale incident, or can be started by other designated means. Auto-generated reports and data-feeds will be handled as automatically as possible.
This incident coordination includes:

5.1.1 Incident triage
1) Determining whether an incident is authentic if possible;
2) Determine the involved entities;
3) Assessing and prioritizing the incident.
5.1.2 Incident coordination
1) Contact the involved entities to investigate the incident and take the appropriate steps
2) Facilitate contact to other parties which can help resolve the incident
3) Send response to other CSIRTs or original requester.
UPT-CSIRT works as an information hub which knows where to send the right incident reports to in order to help and facilitate the resolution of IT security incidents.

5.1.3 Incident resolution
UPT-CSIRT follows up on the progress of the concerned local security teams.
In case an incident is not solved in a timely manner, UPT-CSIRT can initiate the process to restrict connectivity in case of necessity and/or analyze involved assets.
UPT-CSIRT will also collect statistics about incidents.

5.2. Proactive activities
UPT-CSIRT coordinates and maintains the following services:
1) Risk analysis
2) Security audits
3) Dissemination of alerts;
4) Configuration and maintenance of security tools;
5) Intrusion detection analysis;
6) Dissemination of information related to security.
7) Internal vulnerability checking.
UPT-CSIRT does not carry out the abovementioned mitigation or resolution measures. This responsibility lies with each person responsible for the affected asset.

6. Incident reporting forms
When submitting a security incident, it is necessary to indicate clearly:
1) IP address and port for the source and destination (4 itens);
2) The date, time and time zone, accurately, if it is not possible, the time interval;
3) Packet headers;
4) Incident category according to section 4.1
7. Disclaimer
While every precaution will be taken in the preparation of information, on the internet portal or other means of communication, UPT-CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
Incident notification to UPT-CSIRT does not substitute notification to judicial authorities or other legal institutions, when the incident also configures an illegality which penal procedure depends on oficial complaint or particular accusation.