legal compliance and CSIRT activities

This repository contains information and materials to support CSIRT activities and especially regarding legal compliance.

GDPR and privacy-related activities for CSIRTs

• JSON Schema for GDPR records of processing activities
• Processing activity - an example with PGP Keyserver service

Slides

• Slides - CSIRT and GDPR workshop 7th May 2018

FAQ

• General FAQ

Privacy notices for CSIRT services

• Privacy notice for OpenPGP keyserver
• Generic Privacy notice - CIRCL - privacy notice in Markdown format reusable under the terms of the Creative Common Attribution 4.0 International (CC BY 4.0) license.

Additional documents

MISP and information sharing

• MISP - Information sharing and cooperation enabled by GDPR
• MISP - How MISP enables stakeholders identified by the NISD to perform key activities

Analysis Information Leak framework (AIL) and MISP

• AIL information leaks analysis and the GDPR in the context of collection, analysis and sharing information leaks - PDF version

CSIRT tooling

• CSIRT Tooling: Best Practices in Developing, Maintaining and Distributing Open Source Tools

Acknowledgement

This work is co-financed by the European Union under the CEF grant 2016-LU-IA-0098 and CIRCL. Thanks to all the contributors who helped by providing feedback, issues and documents.