This document contains information about CSEC CSIRT and the structure of the document is based on RFC 2350. Information shared in this document describe responsibilities, services, and other information about CSEC CSIRT.
Date of last update:
This is version 1.00, published on 30.06.2022.
Distribution list for notifications
There is currently no distribution list for notifications about the document change.
Locations where this document may be found
The current version is available on CSEC website : csec.ba/en/rfc2350
Name of the team:
CSEC CSIRT - Cybersecurity Excellence Center Computer Security Incident Response Team
Team HQ address:
Bosnia and Herzegovina
Team time zone:
CET Central European Time (UTC+01:00)
Team contact telephone number:
+387 33 448 281
Team facsimile number:
Electronic mail address
report(@)csec.ba - for incident reporting
contact(@)csec.ba - for other communication
Public keys and other encryption information:
For encrypted communication CSEC CSIRT uses PGP with key signature: FB21 74A2 DD4C F1D1 6B1F 7E7B 211F 3EB7 FDE9 FA79
Head of CSIRT and CSEC CEO : Predrag Puharic
Other team representatives will identify themselves upon official communication by using their full name
More information about CSEC and CSEC CSIRT can be found at csec.ba/en
Point of contact:
Primary communication method is email, using contact(@)csec.ba
Secondary method is by telephone and CSEC can be reached at +387 33 448 281
CSEC is operational 24/7 for both means of communication
CSEC’s mission is ''to position itself as a neutral, ‘go-to’ point for systematic response to cyber incidents in Bosnia and Herzegovina in order to support the development and improvement of cyber security in Bosnia and Herzegovina. CSEC will also strengthen communication between cybersecurity stakeholders and other CSIRT teams in the region.
CSEC CSIRT will provide assistance to any party that reports an incident with maximum effort and will continuously conduct activities that increase Bosnia and Herzegovina cybersecurity capabilities.
CSEC CSIRT constituent is mainly academic and cooming from civil society and media but until adequate entity is formed to provide National CSIRT services, CSEC CSIRT will provide effort to expand constituency to any party from Bosnia and Herzegovina that need assistance regarding cybersecurity issues.
Sponsorship and/or affiliation:
Together with support from the UK Government, CSEC is endorsed by the DCAF and the OSCE to improve cyber security in the Western Balkans.
CSEC will act voluntarily to provide assistance to any party requiring help with cybersecurity related issues.
Types of Incidents:
CSEC CSIRT will respond to all reported incidents. Level of support provided will be factored by severity of incident, type of constituency, scope of incident and available CSEC CSIRT resources.
No direct support will be given to end users, CSEC CSIRT will provide administrators with detailed guidelines for prevention of incidents and for incident response.
Constituents will be informed of potential vulnerabilities that might affect them.
Cooperation, Interaction and Disclosure of Information:
Identifiable data will be adequately protected and will not be publicly published .
All information shared by CSEC CSIRT will be shared by using TLP 2 protocol. More information about TLP 2 protocol and its usage can be found at http://csec.ba/tlp.
CSEC CSIRT may share statistical information about cybersecurity incidents.
Communication and Authentication:
Email with PGP should be used for encrypted communication of sensitive information. Email without PGP should be used only for non-sensitive information sharing.
Phone communication is considered safe enough for communication.
CSEC CSIRT will provide constituents with assistance during incident response. Assistance provide will consist of technical and organizational aspects of the incident.
Determining whether the incident indeed did occur
Determining the extent of the incident
Incident response coordination:
Determining the initial cause of the incident
Facilitating contact with other parties which may be involved
If necessary, establishing contact with appropriate law enforcement officials
If necessary, establishing contact with other CSIRTs
If necessary, reporting to constituents
Providing specific advice on vulnerability removal
Providing specific advice on steps required to perform containment process from the effects of the incident
Evaluation of actions worth performing while taking cost and risk into account during the response
If necessary, to provide better decision making, collection and analysis of evidence
CSEC CSIRT coordinates and maintains following services to the extent possible depending on its resources:
Publishing important security recommendations via web presentation or by email.
Training and seminars on cybersecurity related topics
Consulting on cybersecurity resilience improvement
Incident reporting forms
Incident reporting form can be found at https://csec.ba/report
While every precaution will be taken in the preparation of information, notifications, and alerts, CSEC CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of information contained within.