CERT.AZ description as per RfC 2350



Similar documents
DANCERT RFC2350 Description Date: Dissemination Level:

RFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS]

CSIRT Description for CERT OPL

Version: 1.2 Date: March, HAN-CERT - RFC 2350 Hogeschool van Arnhem en Nijmegen (HAN University of Applied Sciences)

The current version of this document can always be found at

aecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

ASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT

The Policy Approaches to Strengthen Cyber Security in the Financial Sector (Summary) July 2, 2015 Financial Services Agency

OSU INSTITUTE OF TECHNOLOGY POLICY & PROCEDURES

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

Cyber security Country Experience: Establishment of Information Security Projects.

Attachment A. Identification of Risks/Cybersecurity Governance

Cyber attack and incident response

Egyptian Best Practices Securing E-Services

Cyber Resilience Implementing the Right Strategy. Grant Brown Security specialist,

US-CERT Year in Review. United States Computer Emergency Readiness Team

Lessons from Defending Cyberspace

ICT Security. High-Quality Information and Know How Protection. Design and implementation of security. Covering almost all of ICT security

Microsoft s cybersecurity commitment

Introduction to Cyber Security / Information Security

Challenges and Best Practices in Fighting Financial Fraud in Brazil

Organizational internal computer security incident responding structure : CSIRT

CSIRT Introduction to Security Incident Handling

Cyber Side-Effects: How Secure is the Personal Information Entered into the Flawed Healthcare.gov? Statement for the Record

REPUBLIC OF TURKEY. Ministry of Transport, Maritime Affairs and Communications. National Cyber Security Strategy and Action Plan

ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA

CYBER SECURITY. Marcin Olender Head of Unit Information Society Department

Implementing an Incident Response Team (IRT)

Building National and Regional Cybersecurity Competences through the UbuntuNet Alliance NRENS

Romanian National Computer Security Incident Response Team CERT-RO.

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

Qatar Computer Emergency Team

PATCH MANAGEMENT. February The Government of the Hong Kong Special Administrative Region

OCIE CYBERSECURITY INITIATIVE

COMPUTER SECURITY INCIDENT MANAGEMENT MANUAL

Information Security Awareness Videos

McAfee Security Architectures for the Public Sector

APHIS INTERNET USE AND SECURITY POLICY

Purchase College Information Security Program Charter January 2008

honeytarg Chapter Activities

Creating and Managing Computer Security Incident Response Teams (CSIRTs)

GOVERNMENT OF THE REPUBLIC OF LITHUANIA

Patch and Vulnerability Management Program

FINRA Publishes its 2015 Report on Cybersecurity Practices

Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary

Cyber Security ( Lao PDR )

CERT.br Incident Handling and Network Monitoring Activities

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security

Data Management Policies. Sage ERP Online

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

The detailed process of becoming a FIRST member is described at

Actions and Recommendations (A/R) Summary

Use of Honeypots for Network Monitoring and Situational Awareness

National Information Assurance and Cyber Security Strategy (NIACSS) Jordan s Approach to National CS&IA

The Importance of a Multistakeholder Approach to Cybersecurity Effectiveness

Cyber Security solutions

Exam 1 - CSIS 3755 Information Assurance

CERT/CC Overview & CSIRT Development Team Activities

Bellevue University Cybersecurity Programs & Courses

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations

NERC Alert System Overview

Solutions and IT services for Oil-Gas & Energy markets

Computer Network Security & Privacy Protection

Vendor Audit Questionnaire

Information Security Incident Management Guidelines

Incident Management Process: Strategies, tools and techniques

THE WORLD IS MOVING FAST, SECURITY FASTER.

Cyber Security a Global Challenge; What and how Thailand is doing

Government Decision No. 1139/2013 (21 March) on the National Cyber Security Strategy of Hungary

Safety by trust: British model of cyber security. David Wallace, First Secretary, Head of of the Policy Delivery Group British Embassy in Warsaw

What legal aspects are needed to address specific ICT related issues?

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

Achieving SOX Compliance with Masergy Security Professional Services

How To Secure The Internet In Jordan

National Initiative for Cybersecurity Education

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Open Source Incident Management Tool for CSIRTs

MANAGED SECURITY SERVICES (MSS)

INTERNATIONAL TELECOMMUNICATION UNION

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?

Data Management & Protection: Common Definitions

Cyber Security & Role of CERT-In. Dr. Gulshan Rai Director General, CERT-IN Govt. of India grai@mit.gov.in

Request for Records Disposition Authority

IBX Business Network Platform Information Security Controls Document Classification [Public]

Accredited Reporter Program Introduction

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

Thank you for your very kind introduction.

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Cybersecurity Risk Management in the Telecom Sector. MUSTAPHA HUNEYD Corporate Information Security

Critical Security Controls

Unified Security Anywhere SOX COMPLIANCE ACHIEVING SOX COMPLIANCE WITH MASERGY SECURITY PROFESSIONAL SERVICES

Implementation Rules of the China Internet Network Information Center for Domain Name Registration (2012)

CRR-NIST CSF Crosswalk 1

Incident Reporting Guidelines for Constituents (Public)

THE 411 ON CYBERSECURITY, INFORMATION SHARING AND PRIVACY

NATIONAL CYBER SECURITY AWARENESS MONTH

DNS Amplification Attacks as a DDoS Tool and Mitigation Techniques

CYBER SECURITY LEGISLATION AND POLICY INITIATIVES - UGANDA CASE

Cyber Security: Policy of the Internet Infrastructure

Transcription:

CERT.AZ description as per RfC 2350

Contact Cyber Security Center (CSC) Computer Emergency Response Team (CERT) Address Block 702, Drogal lane Baku, Azerbaijan Telephone: +99412 4932056 +99412 4932057 Fax: +99412 4981800 E-mail: info@cert.az www.cert.az Published by Cyber Security Center under Ministry of Communications and High Technologies of the Republic of Azerbaijan 2014

Contents 1 Document information... 4 1.1 Date of Last Update... 4 1.2 Distribution List for Notifications... 4 1.3 Location of the document... 4 2 Contact Information... 5 2.1 Name of the Team... 5 2.2 Address... 5 2.3 Time Zone... 5 2.4 Telephone Number... 5 2.5 Facsimile Number... 5 2.6 Other Telecommunication... 5 2.7 Electronic Mail Address... 5 2.8 Public Keys and Encryption Information... 5 2.9 Team Members... 6 2.10 Other Information... 6 2.11 Points of Customer Contact... 6 3 Charter... 7 3.1 Mission Statement... 7 3.2 Constituency... 7 3.3 Sponsorship and/or Affiliation... 7 3.4 Authority... 8 4 Policies... 9 4.1 Types of Incidents and Level of Support... 9 4.2 Co-operation, Interaction and Disclosure of Information... 9 4.3 Communication and Authentication... 9 5 Services... 10 5.1 Incident Response... 10 5.1.1 Incident Triage... 10 5.1.2 Incident Coordination... 10 5.1.3 Incident Resolution... 10 5.2 Proactive Activities... 10 6 Incident Reporting Forms... 11 7 Disclaimers... 12

1. Document information 1.1. Date of Last Update This is the 1.2 version, published 19 may, 2015 1.2. Distribution List for Notifications This profile is kept up-to-date on the location specified 1.3. Location of the document www.cert.az

2. Contact Information 2.1. Name of the Team Short name: CERT-AZ Full name: Cyber Security Center 2.2. Address Azerbaijan, Baku, Drogal lane, block 702 2.3. Time Zone UTC/GMT+04:00 2.4. Telephone Number +99412 4932057 +99412 4932056 2.5. Facsimile Number +99412 4981800 2.6. Other Telecommunication Not applicable. 2.7. Electronic Mail Address For Security incidents to: For Technical issues to: For General inquiries and non-emergency issues to: reports@cert.az team@cert.az info@cert.az 2.8. Public Keys and Encryption Information The CERT-AZ has a PGP key. User ID: team@cert.az Key ID: 0xA5E67725 Fingerprint: 73B99C81E49F8EF3E3A761B9A4B1F6B0A5E67725

The key and its signatures can be found at public key servers like pgp.mit.edu. 2.9. Team Members No information is provided about CERT.AZ team members in public. 2.10. Other Information Further information about CERT.AZ can be found at: http://www.cert.az/en/aboutus.html 2.11. Points of Customer Contact An available way for contacting CERT.AZ is via e-mail. reports@cert.az is available for security incident reports and related issue. team@cert.az at is available for technical issues. info@cert.az is available general inquiries and non-emergency issues. If it is impossible (or advisable due to security reasons) to use e-mail, you can connect with us via telephone at 99412 4932057 99412 4932056 Hotline: www.1654 Office hours for CERT.AZ are generally restricted to local regular business hours: Mon-Fri, 9 a.m. - 6 p.m.

3. Charter 3.1. Mission Statement Center s mission is to create and defend a better and safer cyber environment in the country while: To coordinate the action of information infrastructure subjects, To report about existing and potential risks at country level, To educate public, private and other institutions in the field of cyber security and providing methodological assistance to them 3.2. Constituency The constituency of CERT.AZ is basically public and private sector. The main areas of responsibility of CERT-AZ are: Engages in reporting on existing and potential threats in the field of cyber security at country level, as well as educating the public, private and other institutions Collects and analyzes information incoming from users, software and hardware productions, similar structures in foreign countries and other sources, about cyber security attacks, illegal intrusions and malicious codes against Information systems and networks Analyzes widely used software and technical equipment and recommends how to avoid detected security vulnerabilities 3.3. Sponsorship and/or Affiliation CERT-AZ is a Center which is created under the Ministry of Communications and High Technologies (www.mincom.gov.az). It is funded on state budget. CERT-AZ is affiliated with FIRST, the global Forum of Incident Response and Security Team as a full member as well as TI (Trusted Introducer for European CERTs) as an accredited member and Anti-Phishing Working Group (APWG). CERT-AZ continues affiliations with various CSIRTs

around the world as needed. It also has cooperation with CERT Coordination Center. 3.4. Authority CERT.AZ has a formal authority to advice: According to the Constitution of the Azerbaijani Republic The laws of the Azerbaijani Republic The decrees and instructions of the President of the Azerbaijani Republic The resolutions and instructions of the Cabinet of Ministers of the Azerbaijani Republic The international treaties which participant is the Azerbaijani Republic, The regulations on the Ministry of Communications and High Technologies of the Azerbaijani Republic the regulatory legal acts accepted by the Ministry, and this Provision.

4. Policies 4.1. Types of Incidents and Level of Support We have an authority to solve all kind of security incidents which occur or threaten to occur. The level of support of CERT.AZ depends on the type and severity of the issue or incident, the type of constituent. Our center is committed to keeping public informed of potential vulnerabilities. 4.2. Co-operation, Interaction and Disclosure of Information In case of accomplishment of the tasks and implementation of the rights the Cyber Security Center interacts with the Ministry of Communications and High Technologies and the structures subordinated to it, central and local executive bodies, local government bodies and non-governmental organizations, the international organizations, and also the legal entities and physical persons specializing in information security field. CERT.AZ makes relations with some other CSIRTs. We cooperate with Georgian, Iran, Israil and Bulgarian CERT s. 4.3. Communication and Authentication For international communications ordinary precautions apply like communicating to/via previously trusted and listed teams (TI) and using PGP. Key people know each other personally before any significant cooperation occurs.

5. Services 5.1. Incident Response CERT-AZ defines, assesses and prioritizes all types of ICT incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management: 5.1.1 Incident Triage Investigating whether incident is authentic Determining type of the incident Assessing the incident 5.1.2 Incident Coordination Determining and contacting involved organizations. Assisting contact with other organs including law enforcement, if needed. Make relations with media, if necessary. 5.1.3 Incident Resolution Following up the incident solution process. Collecting evidence and interpreting data Asking for reports 5.2 Proactive Activities to inform people about existing threats and incidents in the field of cybersecurity to publish alerts and incidents in our website related serious security threats to implement educational events about information security For other information, follow http://www.cert.az/en/services.html

6. Incident Reporting Forms There are no special forms available.

7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, CERT.AZ assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information