RFC2350

Nexturia profile

The following profile of Nexturia has been established in adherence to RFC-2350.

1. Document Information

1.1. Date of Last Update

This is version 1.0 of 01-July-2024

1.2. Distribution List for Notifications

This profile is kept up­to­date on the location specified in 1.3 . There is no distribution list for notifications provided by Nexturia. Any specific questions or remarks please address to the Nexturia mail contact address.

1.3. Locations Where this Document May Be Found

The current version of this profile is always available on https://nexturia.eu/rfc2350

2. Contact Information

2.1. Name of the Team

Nexturia

2.2. Address

Nexturia Comm.V.
Hofstraat 25
3070 Kortenberg
Belgium

2.3. Time Zone

GMT+1 (CET)

2.4. Telephone Number

+32 (0) 486 64 10 33

2.5. Facsimile Number

None

2.6. Other Telecommunication

None

2.7. Electronic Mail Address

info (at) nexturia.eu

2.8. Public Keys and Encryption Information

PGP/GnuPG is supported for secure communication.
PGP Key ID: 0x77CD14F2464E04DA
PGP Key Fingerprint: 5EFD 2662 AC82 9284 D4AA 22DE 77CD 14F2 464E 04DA

2.9. Team members

Not available.

2.10. Other Information

General information about Nexturia is available at nexturia.eu .

2.11. Points of Customer Contact

The preferred method for contacting Nexturia is via e-mail.

3. Charter

3.1. Mission Statement

Nexturia is a private CSIRT delivering security services, mainly in Belgium and Europe.

3.2. Constituency

The constituency of Nexturia is its customer community which can be found in private sector / non-profit organisations, NGOs, public sector bodies, and commercial bodies.

3.3. Sponsorship and/or Affiliation

The CSIRT of Nexturia is part of Nexturia Comm.V. (BE VAT 1010.200.758).

3.4. Authority

Nexturia coordinates security incidents on behalf of its constituency, and only at its constituents’request.

4. Policies

4.1. Types of Incidents and Level of Support

Nexturia addresses all types of computer security incidents or threats which occur in its constituency (see 3.2).

The level of support will vary depending on the type and severity of the incident or issue, its potential or assessed impact, the type of constituent, the size of the user community affected, and the Nexturia available resources at the time.

4.2. Co-operation, Interaction and Disclosure of Information

All incoming information is handled confidentially, regardless of its priority. Nexturia supports the use of the information sharing Traffic Light Protocol (TLP https://www.first.org/tlp/).

Nexturia operates within the bounds of the Belgian Law.

4.3. Communication and Authentication

E-mails and telephones are considered sufficiently secure to be used even unencrypted for the transmission of low-sensitivity data. If it is necessary to send sensitive data by e-mail, encryption (preferrably PGP) will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust or by other methods like call-back, mail-back or even face-to-face meeting if necessary.

Nexturia protects sensitive information in accordance with relevant Belgian and European regulations and policies within Belgium and the EU. Nexturia respects the sensitivity markings allocated by originators of information communicated to Nexturia.

5. Services

5.1. Incident Response (Triage, Coordination and Resolution)

  • Alerts & warnings
  • Incident triage
  • Investigating whether an incident occurred
  • Determining the extent of the incident
  • Incident coordination
  • Determining the initial cause of the incident
  • Facilitating contact with other sites which may be involved
  • Communicate with stakeholders
  • Reporting to other CSIRTs
  • Facilitating contact with appropriate law enforcement agencies
  • Incident response
  • Provide assistance in evidence collection and data interpretation
  • Helping to remove the vulnerability
  • Helping to secure the system from the effects of the incident
  • Threat intelligence
  • Disseminating information on cyber attacks
  • Providing situational awareness
  • Technology support
  • Artefact analysis
  • Forensic analysis
  • Vulnerability management

5.2. Proactive Services

  • Announcements
  • Development of security tools
  • Intrusion detection services
  • Technology watch
  • Software development

5.3. Quality Management Services

  • Awareness building
  • Education & training
  • Threat analysis
  • Security consulting

6. Incident reporting Forms

Not available. Preferably report incidents in plain text using signed or encrypted e-mail.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, Nexturia assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.