RFC2350 TLP1: WHITE. Έκδοση National CSIRT-CY RFC2350

Similar documents
CSIRT in general CSIRT Service Categories Reactive Services Proactive services Security Quality Management Services CSIRT. Brmlab, hackerspace Prague

RFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS]

RFC 2350 YOROI-CSDC. Expectations for Computer Security Incident Response. Date 2018/03/26. Version 1.0

Presentation to the ITU on the Q-CERT Incident Management Team. Ian M Dowdeswell Incident Manager, Q-CERT

The latest version of this profile can be found on the location specified in 1.3

1. Document Information

1. Document Information

Current procedures, challenges and opportunities for collection and analysis of Criminal Justice statistics CERT-GH

Defining Computer Security Incident Response Teams

Be Secure! Computer Security Incident Response Team (CSIRT) Guide. Plan Establish Connect. Maliha Alam Mehreen Shahid

The Case for National CSIRTs

1 RFC Document Information. 2. Contact Information Date of Last Update Distribution List for Notifications

Centralised service 6-7: Ensuring the resilience of centralised services cyber-security and sharing cyber intelligence

CSIRT SERVICES. Service Categories

Centralised service 6-7: Ensuring the resilience of centralised services cyber-security and sharing cyber intelligence

Member of the County or municipal emergency management organization

Croatian National CERT ACDC project Darko Perhoc, Head of National CERT CISSP, CEH, CCNP Security R&S,CCDP

Building Global CSIRT Capabilities

CIRT: Requirements and implementation

RFD. for ICERT ( ) RESULTS-FRAMEWORK DOCUMENT. Department of Information Technology. Results-Framework Document (RFD) for CERT-In ( )

Italian government CERT: INITIAL RESULTS

Bradford J. Willke. 19 September 2007

Incident Response. Is Your CSIRT Program Ready for the 21 st Century?

Global Response Centre (GRC) & CIRT Lite. Regional Cyber security Forum 2009, Hyderabad, India 23 rd to 25 th September 2009

Fundamentals of Cybersecurity/CIIP. Building Capacity: Using a National Strategy & Self-Assessment

Panelists. Moderator: Dr. John H. Saunders, MITRE Corporation

CERT.be Brussels 2011

Integrated, Intelligence driven Cyber Threat Hunting

Cyber Security Program

ISAO SO Product Outline

CompTIA Security+ Study Guide (SY0-501)

Cybersecurity Survey Results

RFC 2350 (BCP 21) Description of University of Cambridge Computer Emergency Response Team (CamCERT)

National Cyber Security Operations Center (N-CSOC) Stakeholders' Conference

Critical Information Infrastructure Protection. Role of CIRTs and Cooperation at National Level

Critical Information Infrastructure Protection Law

Information Security Controls Policy

The Common Controls Framework BY ADOBE

Function Category Subcategory Implemented? Responsible Metric Value Assesed Audit Comments

ITU-IMPACT Capacity Building for Least Developed & Developed Countries

CERT Development EFFECTIVE RESPONSE

Heavy Vehicle Cyber Security Bulletin

Cybersecurity Strategy of the Republic of Cyprus

Security of Information Technology Resources IT-12

Centre for cybersecurity Belgium : Role, Missions et future capacities

SECURITY & PRIVACY DOCUMENTATION

locuz.com SOC Services

How AlienVault ICS SIEM Supports Compliance with CFATS

Incident Response Lessons From the Front Lines. Session 276, March 8, 2018 Nolan Garrett, CISO, Children s Hospital Los Angeles

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

Emerging Issues: Cybersecurity. Directors College 2015

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Unauthorized Access

NATIONAL STRATEGY:- MALAYSIAN EXPERIENCE

Nebraska CERT Conference

National Cyber Security Strategy - Qatar. Michael Lewis, Deputy Director

Information Security and Cyber Security

ISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045

About Issues in Building the National Strategy for Cybersecurity in Vietnam

INCIDENTRESPONSE.COM. Automate Response. Did you know? Your playbook overview - Elevation of Privilege

Directive on security of network and information systems (NIS): State of Play

Regional Workshop on Frameworks for Cybersecurity and CIIP Feb 2008 Doha, Qatar

Cyber Defense Maturity Scorecard DEFINING CYBERSECURITY MATURITY ACROSS KEY DOMAINS

WHITE PAPER- Managed Services Security Practices

A company built on security

RSA Solution Brief. Managing Risk Within Advanced Security Operations. RSA Solution Brief

Objectives of the Security Policy Project for the University of Cyprus

Cyber Security Incident Response Fighting Fire with Fire

Security+ SY0-501 Study Guide Table of Contents

Computer Security Incident Response Plan. Date of Approval: 23-FEB-2014

The NIST Cybersecurity Framework

ISO27001 Preparing your business with Snare

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

OAS Cybersecurity Capacity Building Efforts

Information Security Incident Response Plan

Assessing Your Incident Response Capabilities Do You Have What it Takes?

Cybersecurity Auditing in an Unsecure World

Are we breached? Deloitte's Cyber Threat Hunting

Information Security Incident Response Plan

Business continuity management and cyber resiliency

Certified Information Systems Auditor (CISA)

NEN The Education Network

An overview of the CERT/CC and CSIRT Community

NIS-Directive and Smart Grids

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

Symantec Security Monitoring Services

INCIDENT RESPONDER'S FIELD GUIDE INCIDENT RESPONDER'S INCIDENT RESPONSE PLAN FIELD GUIDE LESSONS FROM A FORTUNE 100 INCIDENT RESPONSE LEADER

Directive on Security of Network and Information Systems

2018 WTA Spring Meeting Are You Ready for a Breach? Troy Hawes, Senior Manager

Privacy & Information Security Protocol: Breach Notification & Mitigation

Gujarat Forensic Sciences University

ENDNOTE SECURITY OVERVIEW INCLUDING ENDNOTE DESKTOP AND ONLINE

DATA SHEET RSA NETWITNESS PLATFORM PROFESSIONAL SERVICES ACCELERATE TIME-TO-VALUE & MAXIMIZE ROI

Cybersecurity The Evolving Landscape

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Oracle Data Cloud ( ODC ) Inbound Security Policies

Cyber security tips and self-assessment for business

Cybersecurity What Companies are Doing & How to Evaluate. Miguel Romero - NAIC David Gunkel & Dan Ford Rook Security

Promoting Global Cybersecurity

Transcription:

Έκδοση 1.2-2018.02.14 TLP1: WHITE 1 TLP Sources may use TLP: WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. TLP: WHITE 1

Contents 1. Purpose of a document... 3 1.1 Date of last revision... 3 1.2 Distribution list for alerts... 3 1.3 Position where the document can be found... 3 1.4 Document authentication... 3 2. Point of contact information... 4 2.1 Group name... 4 2.5 Hotline number (Local)... 4 2.6 Fax Number... 4 2.8 Public Keys and other Encryption information... 4 2.9 Team members... 5 2.10 Other Information... 5 2.11 Points of contact... 5 3. Charter... 6 3.2 Establishment and responsibilities... 6 4. Policies... 7 4.2 Cooperation, Interaction and Disclosure of Information... 7 4.3 Communication and Authentication... 7 5.1 Incident Response... 8 5.2 Proactive Activities... 8 6. Incident report forms... 9 7. Disclaimer... 9 TLP: WHITE information may be distributed without restriction, subject to copyright controls. TLP: WHITE 2

1. Purpose of a document The document describes the operation of the National CSIRT-CY according to. 1.1 Date of last revision This is version 1.2, published in February 2018. This version is in effect until it is overwritten by a recent version. 1.2 Distribution list Changes to this document will not be shared through email or any other mechanism. Please send any questions or comments to info@csirt.cy 1.3 Position where the document can be found The current version of this document described by the National CSIRT-CY is always available on the http://www.csirt.cy website under the About Us section. Please check that you are using the latest version. 1.4 Document authentication This document has been signed with the National CSIRT-CY PGP key. The PGP fingerprint is available on the http://www.csirt.cy link. TLP: WHITE 3

2. Point of contact information 2.1 Group name National CSIRT-CY. 2.2 Address National CSIRT-CY. 8, Ilioupoleos, 1101, Nicosia, Cyprus. 2.3 Zone Time EET, Eastern European Time (UTC/GMT + 2 hours). 2.4 Telephone number +357 22 693094, +357 22 693095. 2.5 Hotline number (Local) 1490. 2.6 Fax Number +357 22 693096. 2.8 Public Keys and other Encryption information The National CSIRT-CY has a PGP key, with Fingerprint: 3B8CE53084F38F7C245B269CFA7FF237B641952D The public key and its signatures can be found on the usual large public key servers as well as on the National CSIRT-CY public website. At the link site http://www.csirt.cy TLP: WHITE 4

2.9 Team members Group members are available on request. 2.10 Other Information General information about the National CSIRT-CY can be found on the website at the link http://www.csirt.cy 2.11 Points of contact The suggested method for contacting the National CSIRT-CY is via info@csirt.cy. All incidents can be reported on reporting@csirt.cy National CSIRT-CY encourages the use of secure email (for example, with PGP encryption) when exchanging sensitive information. Alternatively, the telephone number referred to in 2.4 may be used. The National CSIRT-CY provides services and operates 24 hours a day, 7 days a week. TLP: WHITE 5

3. Charter 3.1 Mission Statement National CSIRT-CY envisions the increase of the security posture of The Republic of Cyprus by enhancing cyber protection of its National Critical Information Infrastructures (CII), banks and ISPs. National CSIRT-CY shall coordinate and assist CII owners/administrators, banks and ISPs to ensure the existence of (at least) a minimum level of security, by implementing proactive and reactive security services to reduce the risks of network information and cyber security incidents, as well as respond to such incidents as and when they occur. National CSIRT-CY shall also undertake awareness actions in order to educate the local population and National stakeholders about the adverse effects of cyber threats and cybercrime. In an earnest effort to enhance the security posture of the nation the National CSIRT-CY shall provide timely advisories to all its constituents and make necessary efforts to introduce advance security services such as security testing, vulnerability scanning and active network monitoring. 3.2 Establishment and responsibilities The National CSIRT-CY was established in 2016 by the government decision Action No. 81/477. The main responsibilities and services provided to the Critical Information Infrastructures (CII), Banks and ISPs from the National CSIRT-CY are: Reactive: These services are triggered by an event or on request. a. Incident Handling (Incl. Analysis, Response on site, Response support, Response Coordination) b. Vulnerability Handling (Incl. Analysis, Response, Response Coordination) c. Artifact Handling (Incl. Analysis, Response, Response Coordination) Proactive: These services provide assistance and information to help prepare, protect and secure constituent systems. a. Alerts and Warnings b. Announcements c. Technology Watch d. Security Audits and Assessments e. Configuration and Maintenance of Security Tools, Applications and Infrastructures f. Development of Security Tools g. Intrusion detection Services h. Security Related Information Dissemination TLP: WHITE 6

i. Security Quality Management Services: These services augment existing and well-established services that are independent of incident handling. j. Artifact Handling (Incl., Artifact analysis, Artifact response, Artifact response coordination) k. Forensic analysis l. Risk Analysis m. Business Continuity and Disaster Recovery Planning n. Security Consulting o. Awareness Building p. Education/Training 4. Policies 4.1 Incident Handling and level of support The level of support offered by the National CSIRT-CY depends on the type of constituent, the severity and the impact of the incident. 4.2 Cooperation, Interaction and Disclosure of Information The National CSIRT-CY highly regards the importance of operational cooperation and information sharing between Computer Emergency Response Teams, and also with other organizations which may contribute towards or make use of their services. All sensitive data and information (personal data, system/service configuration, vulnerabilities with their locations) are transmitted encrypted. The National CSIRT-CY operates in accordance with the GDPR. 4.3 Communication and Authentication The suggested method for contacting the National CSIRT-CY is via info@csirt.cy. All incidents can be reported on reporting@csirt.cy. National CSIRT-CY encourages its counterparts to use secure email (for example, PGP) when exchanging sensitive information. Alternatively, the telephone number referred to in 2.4 may be used. The National CSIRT-CY provides services and operates 24 hours a day, 7 days a week. TLP: WHITE 7

5. Services 5.1 Incident Response The National CSIRT-CY will help system administrators to handle the technical and organizational issues occurred from incidents. In particular, it provides help or advice on the following: 5.1.1 Incident Triage a. Investigating whether indeed an incident occurred. b. Assessing and prioritizing the incident. c. Conducting investigation. 5.1.2 Incident Coordination a. Determining the involved organizations. b. Contact the involved organizations to investigate the incident and take the appropriate steps. c. Facilitate contact to other parties which can help resolve the incident. d. Contacting or facilitating contacting appropriate law enforcement officials, if necessary. 5.1.3 Incident Resolution a. Technical assistance and analysis of compromised systems. b. Support in restoring affected systems and services to their previous status. c. Collecting statistics and evidence about incidents, that could be used for protecting against future attacks. 5.2 Proactive Activities Preventing and Reactive services a. Issuing of threats/attacks and proposed preventive measures. b. Information and awareness of security tools and events. c. Creation of security documents that help minimize vulnerabilities. TLP: WHITE 8

d. Security alerts. e. Vulnerability assessments. f. Malware analysis. 6. Incident report forms The incident report form is available on the website www.csirt.cy 7. Disclaimer While every precaution will be taken in the preparation of information, notifications and alerts, the National CSIRT-CY assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within. TLP: WHITE 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback