
RFC 2350

Document information

This document contains information about CSEC CSIRT, and its structure is based on RFC 2350. The information shared in this document describes the responsibilities, services, and other details of CSEC CSIRT.

Date of last update:

This is version 1.00, published on 30.06.2022.

Distribution list for notifications

There is currently no distribution list for notifications about changes to this document.

Locations where this document may be found

The current version is available on the CSEC website: csec.ba/en/rfc2350

Contact Information

Name of the team:

CSEC CSIRT - Cybersecurity Excellence Center Computer Security Incident Response Team

Team HQ address:

CSEC

Gradačačka 114

71000 Sarajevo

Bosnia and Herzegovina

Team time zone:

CET Central European Time (UTC+01:00)

Team contact telephone number:

+387 33 448 281

Team facsimile number:

None available

Other telecommunication:

None available

Electronic mail address:

report(@)csec.ba - for incident reporting

contact(@)csec.ba - for other communication

Public keys and other encryption information:

For encrypted communication, CSEC CSIRT uses PGP with the key fingerprint: FB21 74A2 DD4C F1D1 6B1F 7E7B 211F 3EB7 FDE9 FA79

Team members:

Head of CSIRT and CSEC CEO: Predrag Puharic

Other team representatives will identify themselves in official communication by using their full name.

Other information:

More information about CSEC and CSEC CSIRT can be found at csec.ba/en

Point of contact:

The primary communication method is email, using contact(@)csec.ba.

The secondary method is telephone; CSEC can be reached at +387 33 448 281.

CSEC is operational 24/7 for both means of communication.

Team charter

Mission:

CSEC’s mission is to position itself as a neutral, ‘go-to’ point for systematic response to cyber incidents in Bosnia and Herzegovina in order to support the development and improvement of cyber security in Bosnia and Herzegovina. CSEC will also strengthen communication between cybersecurity stakeholders and other CSIRT teams in the region.

CSEC CSIRT will make a maximum effort to assist any party that reports an incident and will continuously conduct activities that increase Bosnia and Herzegovina's cybersecurity capabilities.

Constituents: 

CSEC CSIRT's constituency is mainly academic and comes from civil society and media, but until an adequate entity is formed to provide National CSIRT services, CSEC CSIRT will make an effort to expand its constituency to any party from Bosnia and Herzegovina that needs assistance regarding cybersecurity issues.

Sponsorship and/or affiliation:

Together with support from the UK Government, CSEC is endorsed by the DCAF and the OSCE to improve cyber security in the Western Balkans.

Authority:

CSEC will act voluntarily to provide assistance to any party requiring help with cybersecurity related issues.

Policies

Types of Incidents:

CSEC CSIRT will respond to all reported incidents. The level of support provided will depend on the severity of the incident, the type of constituency, the scope of the incident and the available CSEC CSIRT resources.

No direct support will be given to end users; CSEC CSIRT will provide administrators with detailed guidelines for prevention of incidents and for incident response.

Constituents will be informed of potential vulnerabilities that might affect them.

Cooperation, Interaction and Disclosure of Information:

Identifiable data will be adequately protected and will not be published publicly.

All information shared by CSEC CSIRT will be shared using the TLP 2 protocol. More information about the TLP 2 protocol and its usage can be found at http://csec.ba/tlp.

CSEC CSIRT may share statistical information about cybersecurity incidents.

Communication and Authentication:

Email with PGP should be used for encrypted communication of sensitive information. Email without PGP should be used only for non-sensitive information sharing.

Phone is considered safe enough for communication.

Services

Incident Response:

CSEC CSIRT will provide constituents with assistance during incident response. The assistance provided will cover the technical and organizational aspects of the incident.

Triage:
  • Determining whether the incident did indeed occur

  • Determining the extent of the incident

Incident response coordination:
  • Determining the initial cause of the incident

  • Facilitating contact with other parties which may be involved

  • If necessary, establishing contact with appropriate law enforcement officials

  • If necessary, establishing contact with other CSIRTs

  • If necessary, reporting to constituents

Incident resolution:
  • Providing specific advice on vulnerability removal

  • Providing specific advice on the steps required to contain the effects of the incident

  • Evaluating which actions are worth performing during the response, taking cost and risk into account

  • If necessary, collecting and analysing evidence to support better decision making

Proactive services:

CSEC CSIRT coordinates and maintains the following services, to the extent possible depending on its resources:

  • Publishing important security recommendations via web presentation or by email.

  • Training and seminars on cybersecurity related topics

  • Consulting on cybersecurity resilience improvement

Incident reporting forms

Disclaimer
 

  • While every precaution will be taken in the preparation of information, notifications, and alerts, CSEC CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of information contained within.
