RFC 2350
Document information
This document contains information about CSEC CSIRT and the structure of the document is based on RFC 2350. Information shared in this document describe responsibilities, services, and other information about CSEC CSIRT.
Date of last update:
This is version 1.00, published on 30.06.2022.
Distribution list for notifications
There is currently no distribution list for notifications about the document change.
Locations where this document may be found
The current version is available on CSEC website : csec.ba/en/rfc2350
Contact Information
Name of the team:
CSEC CSIRT - Cybersecurity Excellence Center Computer Security Incident Response Team
Team HQ address:
CSEC
Gradačačka 114
71000 Sarajevo
Bosnia and Herzegovina
Team time zone:
CET Central European Time (UTC+01:00)
Team contact telephone number:
+387 33 448 281
Team facsimile number:
None available
Other telecommunication:
None available
Electronic mail address
report(@)csec.ba - for incident reporting
contact(@)csec.ba - for other communication
Public keys and other encryption information:
For encrypted communication CSEC CSIRT uses PGP with key signature: FB21 74A2 DD4C F1D1 6B1F 7E7B 211F 3EB7 FDE9 FA79
Team members:
Head of CSIRT and CSEC CEO : Predrag Puharic
Other team representatives will identify themselves upon official communication by using their full name
Other information:
More information about CSEC and CSEC CSIRT can be found at csec.ba/en
Point of contact:
Primary communication method is email, using contact(@)csec.ba
Secondary method is by telephone and CSEC can be reached at +387 33 448 281
CSEC is operational 24/7 for both means of communication
Team charter
Mission:
CSEC’s mission is ''to position itself as a neutral, ‘go-to’ point for systematic response to cyber incidents in Bosnia and Herzegovina in order to support the development and improvement of cyber security in Bosnia and Herzegovina. CSEC will also strengthen communication between cybersecurity stakeholders and other CSIRT teams in the region.
CSEC CSIRT will provide assistance to any party that reports an incident with maximum effort and will continuously conduct activities that increase Bosnia and Herzegovina cybersecurity capabilities.
Constituents:
CSEC CSIRT constituent is mainly academic and cooming from civil society and media but until adequate entity is formed to provide National CSIRT services, CSEC CSIRT will provide effort to expand constituency to any party from Bosnia and Herzegovina that need assistance regarding cybersecurity issues.
Sponsorship and/or affiliation:
Together with support from the UK Government, CSEC is endorsed by the DCAF and the OSCE to improve cyber security in the Western Balkans.
Authority:
CSEC will act voluntarily to provide assistance to any party requiring help with cybersecurity related issues.
Policies
Types of Incidents:
CSEC CSIRT will respond to all reported incidents. Level of support provided will be factored by severity of incident, type of constituency, scope of incident and available CSEC CSIRT resources.
No direct support will be given to end users, CSEC CSIRT will provide administrators with detailed guidelines for prevention of incidents and for incident response.
Constituents will be informed of potential vulnerabilities that might affect them.
Cooperation, Interaction and Disclosure of Information:
Identifiable data will be adequately protected and will not be publicly published .
All information shared by CSEC CSIRT will be shared by using TLP 2 protocol. More information about TLP 2 protocol and its usage can be found at http://csec.ba/tlp.
CSEC CSIRT may share statistical information about cybersecurity incidents.
Communication and Authentication:
Email with PGP should be used for encrypted communication of sensitive information. Email without PGP should be used only for non-sensitive information sharing.
Phone communication is considered safe enough for communication.
Services
Incident Response:
CSEC CSIRT will provide constituents with assistance during incident response. Assistance provide will consist of technical and organizational aspects of the incident.
Triage:
-
Determining whether the incident indeed did occur
-
Determining the extent of the incident
Incident response coordination:
-
Determining the initial cause of the incident
-
Facilitating contact with other parties which may be involved
-
If necessary, establishing contact with appropriate law enforcement officials
-
If necessary, establishing contact with other CSIRTs
-
If necessary, reporting to constituents
Incident resolution:
-
Providing specific advice on vulnerability removal
-
Providing specific advice on steps required to perform containment process from the effects of the incident
-
Evaluation of actions worth performing while taking cost and risk into account during the response
-
If necessary, to provide better decision making, collection and analysis of evidence
Proactive services:
-
CSEC CSIRT coordinates and maintains following services to the extent possible depending on its resources:
-
Publishing important security recommendations via web presentation or by email.
-
Training and seminars on cybersecurity related topics
-
Consulting on cybersecurity resilience improvement
Incident reporting forms
-
Incident reporting form can be found at https://csec.ba/report
Disclaimer
-
While every precaution will be taken in the preparation of information, notifications, and alerts, CSEC CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of information contained within.