CSIRT OU - Computer Security Incident Response Team of the University of Ostrava
CSIRT OU is a work group for assisting dealing with cyber security incidents occurring in the University of Ostrava information systems and networks (ISaS OU), or related to them. It also provides educational activities, conducts cyber security research, represents OU in national and international organisations of CSIRT teams, and assists with modifications of internal OU processes to conform with legislation concerning cyber security. It was established in the founding document 39/2018 (OU-13358/90-2018) issued by the rector of the University of Ostrava.
News concerning cyber security of OU and planned events are published in the News section.
What is a cyber security incident?
Cyber security incident within the ISaS (“security incident” further on) is any use of the ISaS in violation of the rector’s directive num. 151/2010, mainly subsection 3:”Security standards of ISaS OU”, point 4. It is also any use of ISaS that is in violation of its purpose, such as attacking and unauthorised scanning, or attacking and misusing parts of the ISaS, unauthorised access to the ISaS, purposeful or incidental spread of malware, spread of spam messages, phishing activity, or any active or passive surveillance of the ISaS network traffic.
In general, it is any event when any IT system, IT device, or network related to the OU is threatened, damaged, or exploited. Incident can also be a substantiated suspicion that such an event may have happened. It can be, for example, the following:
- unauthorised access to foreign account, be it on a PC, server, or on the Internet,
- infection of a web site,
- malware (computer with a virus, or other malicious code active),
- identity theft,
- exploiting stolen data,
- DDoS attack (attempts to disrupt the Internet access),
- phishing (fake e-mail), spam (outside of the correctly detected spam within expected parameters), etc.,
To send a report, please try to use the following template.
Main activities of the CSIRT OU
- In cooperation with the CIT, it deals with cyber security incidents within the ISaS OU. CSIRT OU provides consultation and assistance to the CIT and OU employees. It also analyses and assesses incidents that have happened within the OU, and recommends preventive measures.
- Educational activity: CSIRT OU provides both systematic education and individual expert training courses for the CIT technicians, OU employees, and students. In case of a new acute cyber security threat it provides recommendations (best practices) or it conducts focused training courses.
- Research: In cooperation with the Department of Informatics and Computers of the Faculty of Science, CSIRT OU conducts research of, for example, technical and statistical analysis of captured cyber security incidents, from which it then publishes scientific articles. According to the current cyber security threats situation, it also provides proactive or preventative recommendations, analytical reports on captured cyber security threats, and measures to take in a given situation.
- International cooperation: CSIRT OU develops international cooperiaton with mainly other CSIRT teams of the Czech Republic ant the EU via the TF-CSIRT community. It participates the meetings of both national (Czech and Slovak) and international CSIRT community.
- CSIRT OU provides its analysis, advice and recommendations during establishing internal OU processes in accordance with the responsibilities stemming from both national and international legislation.
- CSIRT OU team does not have executive power, therefore while dealing with cyber security incidents it serves as a coordinator capable of providing methodical assistance. Only the Centre for Information Technology of UO have executive power. Technical contact for reporting incidents to CIT is .