1. About this document
This document contains an RFC2350-compliant description of AGH CSIRT and provides fundamental information about its mandate, responsibilities, and communication channels.
1.1 Date of Last Update
This is version 1.0, published 2026/05/04.
1.2 Distribution List for Notifications
There is no distribution channel for notifying changes to this document.
1.3 Locations where this Document May Be Found
The current version of this CSIRT description document is available from the AGH CSIRT WWW site; its URL is https://bezpieczenstwo.agh.edu.pl/o-nas/rfc2350.
Please make sure you are using the latest version.
2. Contact Information
2.1 Name of the Team
AGH CSIRT: the AGH Computer Security Incident Response Team
2.2 Address
AGH CSIRT
Centre for Information Security
AGH University of Krakow,
Władysława Reymonta Street 23
30-059 Kraków
Poland
2.3 Time Zone
Europe/Warsaw (GMT+0100, and GMT+0200 from the last Sunday of March to the last Sunday of October).
2.4 Telephone Number
+48 885 850 762
2.5 Facsimile Number
None available.
2.6 Other Telecommunication
None available.
2.7 Electronic Mail Address
security@agh.edu.pl, cert@agh.edu.pl, csirt@agh.edu.pl, bezpieczenstwo@agh.edu.pl
2.8 Public Keys and Other Encryption Information
The AGH CSIRT has a PGP key, whose KeyID is C4D4 EFCD 5ACA 2C15 and whose fingerprint is 38A4 27B3 6A07 229B 4E54 5133 C4D4 EFCD 5ACA 2C15.
The key and its signatures can be found at the usual large public keyservers.
The PGP key used by AGH CSIRT can also be found at: https://bezpieczenstwo.agh.edu.pl/home/bezpieczenstwo/klucz_bezpieczenstwo.key
2.9 Further Information
Further information about AGH CSIRT can be found at https://bezpieczenstwo.agh.edu.pl/
2.10 Points of Contact
The preferred method for contacting the AGH CSIRT is via e-mail at <security@agh.edu.pl>, <cert@agh.edu.pl>, <csirt@agh.edu.pl> or <bezpieczenstwo@agh.edu.pl>.
Cybersecurity incidents can also be reported via an online form available on the AGH CSIRT website.
If it is not possible (or not advisable for security reasons) to use e-mail, the AGH CSIRT can be reached by telephone during regular office hours.
The AGH CSIRT's hours of operation are generally restricted to regular business hours (07:30-15:30 Monday to Friday except Polish bank holidays).
Outside working hours, please contact the team by form or e-mail only.
3. Charter
3.1 Mission Statement
The AGH CSIRT, operating as part of the AGH Centre for Information Security (CBI), is responsible for improving the security posture of the university by coordinating incident response, monitoring threats and vulnerabilities, and supporting the implementation of security measures. It also promotes cybersecurity awareness and best practices within the organisation.
3.2 Constituency
The constituency covers all entities, users, systems, and organizational units within the team's operational scope that rely on its services.
IP address ranges within AGH CSIRT's scope are:
149.156.96.0/19
149.156.192.0/20
3.3 Affiliation / Sponsoring Organization
The AGH CSIRT operates as part of the Centre for Information Security (CBI), AGH University of Krakow.
3.4 Authority
AGH CSIRT operates within the Centre for Information Security (CBI), which is part of the Security and Defence Sector of AGH University of Krakow.
Its authority is defined by the following Rector’s Ordinances: No. 1/2024, No. 68/2024 and No. 73/2024.
Within this mandate, AGH CSIRT is authorized to:
– cooperate with the IT Sector in ensuring the cybersecurity of the University's information and communication systems,
– monitor activity and vulnerabilities within the University's networks and information systems,
– handle and coordinate information security incidents,
– recommend tasks aimed at enhancing information security and cybersecurity at the University for implementation by organizational units,
– conduct activities related to malware analysis, incident handling, and digital forensics for external entities,
– deliver advisory and training services in the field of cybersecurity for University staff and external entities.
4. Policies
4.1 Types of Incidents and Level of Support
The AGH CSIRT is authorized to address all types of computer security incidents which occur, or threaten to occur, at AGH University.
The AGH CSIRT is committed to keeping the AGH University system administrators community informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.
4.2 Privacy Policy
Personal data are processed in accordance with GDPR and the university’s internal regulations: https://www.agh.edu.pl/en/personal-data-protection/controllers-information-about-personal-data-processing/general-information
4.3 Communication and authentication
Of the communication channels made available by AGH CSIRT, telephone and unencrypted e-mail are considered sufficient for transmitting non-sensitive information. PGP is mandatory for transmitting sensitive information.
5. Services
AGH CSIRT services are built based on the FIRST CSIRT Services Framework.
5.1 Information Security Event Management
5.1.1 Monitoring and detection
Automated analysis of contextual data for the purpose of identifying potential information security incidents, leveraging correlation rules, statistical models, machine learning methods, as well as manual analysis.
5.1.2 Event analysis
Triage, assessment, and qualification of detected or received reports and incidents, including the aggregation and correlation of related events.
5.2 Information Security Incident Management
5.2.1 Information security incident report acceptance
Includes the creation, submission, and handling of security-related reports and notifications.
5.2.2 Information security incident analysis
Includes data correlation, timeline reconstruction, identification of Indicators of Compromise (IOCs), as well as impact assessment.
5.2.3 Artifact and forensic evidence analysis
Analysis of digital evidence conducted in controlled environments, with full preservation of the chain of custody.
5.2.4 Mitigation and recovery
Development and recommendation of remediation plans, including guidance on their implementation to restore operational capability.
5.2.5 Information security incident coordination
Reporting to individuals involved in the incident handling process, management, and updates to the incident response plan.
5.2.6 Crisis management support
Provision of in-depth technical analysis in critical situations.
5.3 Vulnerability Management
5.3.1 Vulnerability discovery / research
Identification and research of newly discovered vulnerabilities in systems and applications.
5.3.2 Vulnerability report intake
Reception and initial validation of vulnerability reports submitted by researchers and relevant internal and external parties.
5.3.3 Vulnerability analysis
Assessment of vulnerability severity, exploitability conditions, and potential impact.
5.3.4 Vulnerability coordination
Coordination of the vulnerability handling process among relevant internal and external parties – from identification through remediation or risk acceptance.
5.3.5 Vulnerability disclosure
Management of the process of disclosing vulnerability information to the appropriate asset owners or responsible parties.
5.3.6 Vulnerability response
Monitoring and verification of the implementation of security fixes addressing vulnerabilities in selected systems.
5.4 Situational Awareness
5.4.1 Data acquisition
Collection of data from multiple sources.
5.4.2 Analysis and synthesis
Creation of a cyber threat view of the situation through data correlation.
5.4.3 Communication
Distribution of alerts and situational awareness information to interested parties.
5.5 Knowledge Transfer
5.5.1 Awareness building
Delivery of educational campaigns aimed at raising threat awareness among interested parties.
5.5.2 Training and education
Development of incident response team capabilities.
5.5.3 Exercises
Simulations and practical exercises designed to test and improve incident response capabilities.
5.5.4 Technical and policy advisory
Advisory services related to information security policies and technical security solutions.
6. Incident Reporting Forms
The current version of the incident reporting form is available at: https://bezpieczenstwo.agh.edu.pl/zglos-incydent/formularz-zgloszeniowy
7. Disclaimer
While every precaution will be taken in the preparation of information, notifications and alerts, AGH CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.