CSIRT.SK description document according to RFC 2350

1. Document Information

This document provides a formal description of CSIRT.SK based on RFC 2350.

1.1. Date of Last Update

This is version 1.4, published on May 17th, 2018.

1.2. Distribution List for Notifications

This profile is kept up-to-date on the location specified in 1.3. E-mail notifications of updates are sent to:

Please address any questions about updates to the CSIRT.SK e-mail address.

1.3. Locations where this Document May Be Found

The current version of this CSIRT/CERT description document is available from the CSIRT.SK site; its URL is: http://www.csirt.gov.sk/doc/rfc2350.txt. Please make sure you are using the latest version of this document.

1.4. Authenticating this Document

This document has been signed with the CSIRT.SK PGP key.
The signatures are also available on our web site, under:
http://www.csirt.gov.sk/doc/rfc2350.txt.sig

2. Contact Information

2.1. Name of the Team

CSIRT.SK - Computer Security Incident Response Team Slovakia

2.2. Address

CSIRT.SK
Deputy Prime Minister’s Office for Investments and Informatization of the Slovak Republic
Štefánikova 882/15
811 05 Bratislava
Slovak Republic

2.3. Time Zone

GMT+01/GMT+02 (with DST, which starts on the last Sunday in March and ends on the last Sunday in October)

2.4. Telephone Number

+421 2 592 78 514
+421 2 592 78 502

2.5. Facsimile Number

+421 2 529 26 870

2.6. Other Telecommunication

Not available at present.

2.7. Electronic Mail Address

Official e-mail address: info(at)csirt.gov.sk
Address for incident reporting: incident(at)csirt.gov.sk

2.8. Public Keys and Encryption Information

PGP/GnuPG is supported for secure communication.
CSIRT.SK PGP Key ID: 0x676CDFAB
CSIRT.SK PGP Key Fingerprint: DFB9 E47B 4304 CB18 AF97 E49D EC51 77D3 E4E1 1CE2
The current CSIRT.SK team key can be found at http://www.csirt.gov.sk/doc/CSIRT.SK.asc and is also present on the public key-server https://keyserver.pgp.com/. Please use this key when you want or need to encrypt messages that you send to CSIRT.SK. When appropriate, CSIRT.SK will sign messages using the same key. When appropriate, please sign your messages using your own key; it helps when that key is verifiable using the public key-servers.

2.9. Team Members

No information is provided about the CSIRT.SK team members in public.

2.10. Other Information

2.11. Points of Customer Contact

Regular cases: the preferred method for contacting CSIRT.SK is via e-mail info(at)csirt.gov.sk.

Regular response hours: from Monday to Friday, 07:00 – 16:00.

EMERGENCY cases: if it is not possible (or not advisable for security reasons) to use e-mail, CSIRT.SK can be reached at the emergency telephone number: +421 917 699 002.

3. Charter

3.1. Mission Statement

The mission of CSIRT.SK is to increase the protection of information systems of the public administration.

The activities of CSIRT.SK concern security incident handling and the restoration to their former state of information systems of the public administration in the Slovak Republic and of the related information and communication technologies. The core goals are:

  • response to information security incidents in Slovakia in cooperation with the owners and providers of impacted parts of information systems of the public administration, telecommunication operators, ISPs and other public bodies (police, investigators, courts),
  • awareness raising in the field of information security,
  • cooperation with international counterparts and organizations and representation of Slovakia in the field of information security internationally.

3.2. Constituency

CSIRT.SK provides services for the government as well as for information systems in public administration in order to promote responses to IT security incidents (excluding military information).

3.3. Sponsorship and/or Affiliation

CSIRT.SK is a governmental CSIRT of Slovakia and is established as an independent division of the Deputy Prime Minister’s Office for Investments and Informatization of the Slovak Republic.

3.4. Authority

CSIRT.SK is a governmental CSIRT (Computer Security Incident and Response Team) of Slovakia established under the Act on Cyber Security No. 69/2018. The team coordinates security incidents on behalf of its constituency and has no authority reaching further than that. The team is, however, expected to make operational, non-obligatory recommendations in the course of its work. The implementation of such recommendations is not a responsibility of the team, but solely of those to whom the recommendations were made.

4. Policies

4.1. Types of Incidents and Level of Support

CSIRT.SK is authorized to address all types of computer security incidents which occur, or threaten to occur, in its constituency. The level of support given by CSIRT.SK will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and CSIRT.SK's resources at the time. Special attention will be given to issues affecting critical information infrastructure. No direct support will be given to end-users, as they are expected to contact their system administrators. CSIRT.SK is committed to keeping the constituency informed of potential vulnerabilities and existing threats and, where possible, will inform its constituents of such threats and vulnerabilities before they are actively exploited.

4.2. Co-operation, Interaction and Disclosure of Information

ALL incoming information is handled confidentially by CSIRT.SK, regardless of its priority. Information that is evidently sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies. When reporting an incident of a sensitive nature, please state so explicitly, e.g. by using the label SENSITIVE in the subject field of the e-mail, and if possible use encryption as well. CSIRT.SK supports the Information Sharing Traffic Light Protocol (ISTLP; see https://members.first.org/tlp/): information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.

CSIRT.SK will use the information you provide to help solve security incidents, as all CERTs do. This means that by default the information will be distributed further to the appropriate parties, but only on a need-to-know basis, and preferably in an anonymous fashion. If you object to this default behavior of CSIRT.SK, please make explicit what CSIRT.SK can do with the information you provide. CSIRT.SK will adhere to your policy, but will also point out to you if that means that CSIRT.SK cannot act on the information provided.

CSIRT.SK does not report incidents to law enforcement unless national law requires it. Likewise, CSIRT.SK only cooperates with law enforcement EITHER in the course of an official investigation (meaning that a court order is present) OR in the case where a constituent requests that CSIRT.SK cooperate in an investigation. When a court order is absent, CSIRT.SK will only provide information on a need-to-know basis.

4.3. Communication and Authentication

For communication which does not contain sensitive or classified information, normal methods like e-mail and fax will be used. For secure communication, the CSIRT.SK PGP key will be used for encryption and signing. In cases where there is doubt about the authenticity of information or its source, CSIRT.SK reserves the right to authenticate this by any (legal) means.

5. Services

5.1. Reactive Services

CSIRT.SK is responsible for the coordination of security incidents involving its constituency (as defined in 3.2). CSIRT.SK is able to assist system administrators in handling the technical and organizational aspects of incidents. In particular, it provides assistance or advice with respect to the following aspects of incident management:

  • Incident response
  • Alerts and Warnings
  • Incident detection
  • Incident analysis
  • Incident containment, eradication and recovery
  • Assistance with incident handling on site
  • Reaction to incidents
  • Support of incident response efforts
  • Coordinating responses to incident handling
  • Design of countermeasures to prevent further continuation, propagation and recurrence of incidents

5.2. Preventive Activities

CSIRT.SK proactively advises its constituency regarding recent vulnerabilities and trends in hacking/cracking.

  • Education and raising awareness in the field of information security
  • Training
  • Cooperation with other CSIRT teams
  • Monitoring and documentation of incidents
  • Connecting to the Unified information system of cybersecurity
  • Providing information to the Unified information system of cybersecurity
  • Receiving and sending early warnings of incidents via the Unified information system of cybersecurity
  • Announcements about existing vulnerabilities
  • Technology watch
  • Configuration and infrastructure maintenance
  • Infiltration detection
  • Information dissemination
  • Threats Monitoring in the field of ICT
  • Information security consulting
  • Information security audit
  • Assistance with the development of new CSIRT teams

6. Incident Reporting Forms

If possible, please write an e-mail with a detailed description of the incident to incident(at)csirt.gov.sk. Information on how to proceed is available at: https://www.csirt.gov.sk/hlasenia/nahlasenie-incidentu-861.html

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CSIRT.SK assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.