RFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS]



Similar documents
CSIRT Description for CERT OPL

The current version of this document can always be found at

CERT.AZ description as per RfC 2350

Version: 1.2 Date: March, HAN-CERT - RFC 2350 Hogeschool van Arnhem en Nijmegen (HAN University of Applied Sciences)

DANCERT RFC2350 Description Date: Dissemination Level:

State of Vermont. Intrusion Detection and Prevention Policy. Date: Approved by: Tom Pelham Policy Number:

Patch and Vulnerability Management Program

1. Perimeter Security Dealing with firewall, gateways and VPNs and technical entry points. Physical Access to your premises can also be reviewed.

aecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

IT Best Practices Audit TCS offers a wide range of IT Best Practices Audit content covering 15 subjects and over 2200 topics, including:

Standard: Information Security Incident Management

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

The detailed process of becoming a FIRST member is described at

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE

Information Security Basic Concepts

COMPUTER SECURITY INCIDENT MANAGEMENT MANUAL

Data Management & Protection: Common Definitions

ASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT

Principles of Information Security, Fourth Edition. Chapter 12 Information Security Maintenance

Network Security Policy

ARRA HITECH Stimulus HIPAA Security Compliance Reporter. White Paper

Retention & Destruction

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

Top Messaging Vulnerabilities Part 1 Technical Issues

Information Security Incident Management Guidelines

DEPARTMENT OF TAXATION AND FINANCE SECURITY OVER PERSONAL INFORMATION. Report 2007-S-77 OFFICE OF THE NEW YORK STATE COMPTROLLER

Open Source Incident Management Tool for CSIRTs

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia

Vendor Risk Assessment Questionnaire

Net Report s PCI DSS Version 1.1 Compliance Suite

Creating and Managing Computer Security Incident Response Teams (CSIRTs)

Contact: Henry Torres, (870)

HIPAA Security Checklist for Healthcare Providers - Self-Evaluation Checklist

Introduction Open Source Security Tools for Information Technology Professionals

Guideline for Services

Organizational internal computer security incident responding structure : CSIRT

CERT La Poste Group Infosec Observatory 40th TF-CSIRT meeting London

Incident Reporting Guidelines for Constituents (Public)

OSU INSTITUTE OF TECHNOLOGY POLICY & PROCEDURES

ISO Controls and Objectives

FormFire Application and IT Security. White Paper

New River Community College. Information Technology Policy and Procedure Manual

FIRST Site Visit Requirements and Assessment

HIPAA Compliance Evaluation Report

Trust 9/10/2015. Why Does Privacy and Security Matter? Who Must Comply with HIPAA Rules? HIPAA Breaches, Security Risk Analysis, and Audits

Designing and Developing an Application for Incident Response Teams

Implementing an Incident Response Team (IRT)

Data Security Incident Response Plan. [Insert Organization Name]

Network Service Policy

SECURITY ORGANISATION Security Awareness and the Five Aspects of Security

Data Management Policies. Sage ERP Online

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

C. Author(s): David Millar (ISC Information Security) and Lauren Steinfeld (Chief Privacy Officer)

WISHIN Pulse Statement on Privacy, Security and HIPAA Compliance

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

SITECATALYST SECURITY

US-CERT Overview & Cyber Threats

Working with the FBI

Payment Card Industry Data Security Standard

SUPPLIER SECURITY STANDARD

ISO Information Security Management Systems Professional

Designation of employee(s) in charge of the program; Identifying and assessing risks/threats and evaluating and improving

Vendor Audit Questionnaire

New Zealand Security Incident Management Guide for Computer Security Incident Response Teams (CSIRTs)

Client Update SEC Releases Updated Cybersecurity Examination Guidelines

Fraud and Abuse Policy

Cloud security architecture

Network & Information Security Policy

State Agency Cyber Security Survey v October State Agency Cybersecurity Survey v 3.4

INFORMATION TECHNOLOGY POLICY

CounselorMax and ORS Managed Hosting RFP 15-NW-0016

Vulnerability Management Policy

U06 IT Infrastructure Policy

Threat Management: Incident Handling. Incident Response Plan

Security Issues in Cloud Computing

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

Database Security Guideline. Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG

Nichol A. Moses, Psy.D., NCSP

Must score 89% or above. If you score below 89%, we will be contacting you to go over the material individually.

Electronic Data Security: Designing Good Data Protection Plans

Keyfort Cloud Services (KCS)

(Instructor-led; 3 Days)

I. Introduction to Privacy: Common Principles and Approaches

Computer Security Incident Response Planning. Preparing for the Inevitable

Symantec DLP Overview. Jonathan Jesse ITS Partners

TECHNICAL NOTE 01/02 PROTECTING YOUR COMPUTER NETWORK

Security Topics Update. Christopher Misra Doug Pearson April 2008

Vodafone New Zealand Microsoft Privacy Statement Dated: August 2013

Incident Handling. Applied Risk Management. September 2002

`DEPARTMENT OF VETERANS AFFAIRS VA SOUTHEAST NETWORK Automated Information System User Access Notice

How To Manage Security On A Networked Computer System

1. Why is the customer having the penetration test performed against their environment?

SERVICE DESCRIPTION Web Proxy

Cybersecurity Plan. Introduction. Roles and Responsibilities. Laboratory Executive Commitee (ExCom)

HP Security Framework. Jakub Andrle

HIPAA Privacy and Information Security Management Briefing

State of West Virginia Office of Technology Policy: Information Security Audit Program Issued by the CTO

Network Security: 30 Questions Every Manager Should Ask. Author: Dr. Eric Cole Chief Security Strategist Secure Anchor Consulting

Transcription:

RFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS] 1 Document information... 2 1.1 Date of Last Update... 2 1.2 Distribution List for Notifications... 2 1.3 Locations where this Document May Be Found... 2 1.4 Authenticating this Document... 2 2 Contact Information... 3 2.1 Name of the Team... 3 2.2 Address... 3 2.3 Timezone... 3 2.4 Telephone Number... 3 2.5 Facsimile Number... 3 2.6 Other Telecommunication... 3 2.7 Electronic Mail Address... 3 2.8 Public Keys and Other Encryption Information... 4 2.9 Team Members... 4 2.10 Other Information... 4 2.11 Points of Customer Contact... 4 3 Charter... 5 3.1 Mission Statement... 5 3.2 Constituency... 5 3.3 Sponsorship and/or Affiliation... 5 3.4 Authority... 5 4 Policies... 6 4.1 Type of Incidents and Level of Support... 6 4.2 Co-operation, Interaction and Disclosure of Information... 6 4.3 Communication and Authentication... 6 5 Services... 7 5.1 Pre-emptive Security Measures... 7 5.2 Incident Response... 7 5.3 Proactive Activities... 8 6 Incident Reporting Forms... 9

1 Document information This document contains a description of CSIRT TEHTRI-Security egambit (CSIRT-TEHTRIS) as implemented by RFC 2350. It provides basic information about CSIRT-TEHTRIS, its channels of communication, its roles and responsibilities. 1.1 Date of Last Update Version 1.1 2015/11/30 Version 1.0 2015/06/24 1.2 Distribution List for Notifications There is no distribution list for notifications. 1.3 Locations where this Document May Be Found The current version of this this CSIRT description may always be found at http://www.tehtri-security.com/csirt 1.4 Authenticating this Document This document has been signed with the PGP key of CSIRT-TEHTRIS. The signature of this document is available at http://www.tehtri-security.com/csirt

2 Contact Information 2.1 Name of the Team Short name: CSIRT-TEHTRIS Long name: CSIRT TEHTRI-Security egambit CERT name: CERT-TEHTRIS 2.2 Address TEHTRI-Security CSIRT-TEHTRIS 13-15 rue Taitbout 75009, PARIS FRANCE 2.3 Timezone CET/CEST 2.4 Telephone Number Phone: +33 (0) 9-72-50-80-33 [inputs are filtered, but all messages are monitored] 2.5 Facsimile Number Fax: +33 (0) 1-72-71-25-99 2.6 Other means for communication Twitter: @tehtris 2.7 Electronic Mail Address cert (at) tehtris (dot) com This is a mail alias that relays mail to the human(s) on duty for the CSIRT-TEHTRIS

2.8 Public Keys and Other Encryption Information CSIRT-TEHTRIS is using the following PGP key for its email exchanges with cert (at) tehtris (dot) com address: ID: 8F281158 Fingerprint: 1416 56B6 2D67 55E9 2018 5BA7 BDE8 A13A 8F28 1158 2.9 Team Members Laurent Oudot (CEO at TEHTRIS) and Laurent Estieux (CTO at TEHTRIS) are the CSIRT- TEHTRIS team co-leaders. The other members of the CSIRT team are the TEHTRI-Security security experts and consultants. None 2.10 Other Information 2.11 Points of Customer Contact The preferred method to contact CSIRT-TEHTRIS is to send e-mail to the cert (at) tehtris (dot) com address. This mailbox is monitored actively during hours of operations. Standard hours of operations: 7h00-22h00 from Monday to Friday 8h00-20h00 on Weekends The mailbox is monitored 365 days / 365.

3 Charter 3.1 Mission Statement The purpose of the CSIRT is, first, to assist its customer community in implementing proactive measures to reduce the risks of computer security incidents, and second, to assist its customer community in responding to such incidents when they occur. 3.2 Constituency CSIRT-TEHTRIS constituency is composed of all the customer of the TEHTRI-Security egambit solution who subscribed a Service Level Agreement support contract. 3.3 Sponsorship and/or Affiliation CSIRT-TEHTRIS is part of TEHTRI-Security. CSIRT-TEHTRIS maintains relationships with various CSIRTs throughout the world, on all continents, on an as-needed basis. 3.4 Authority As CSIRT-TEHTRIS is aimed to handle incident response on customers perimeter, CSIRT- TEHTRIS has an advisor role with local security teams and has no specific authority to require any specific action. The recommendations, which CSIRT-TEHTRIS will provide to a customer, will be implemented under the direction of the concerned customer.

4 Policies 4.1 Type of Incidents and Level of Support CSIRT-TEHTRIS is generally mandated by its customer to handle any type of incident occurring on its own perimeter. Depending on the type of security incident, CSIRT-TEHTRIS will gradually roll out its services, which include incident response and digital forensics. 4.2 Co-operation, Interaction and Disclosure of Information CSIRT-TEHTRIS operates under the restrictions imposed by French laws. All information exchanged with a customer during an incident (and after its resolution) will be handled confidentially in secure environments using encryption if necessary. CSIRT-TEHTRIS will cooperate with other Organizations in the Field of Computer Security, which may help to deliver its services, especially for incident resolution. In any such exchange, CSIRT-TEHTRIS will protect the privacy of its customers through anonymisation of technical data that may be exchanged. Customers will be informed of such exchanges. If a customer objects the default CSIRT-TEHTRIS behavior, it should be specified in initial contractual agreement or explicitly asked in the communication with CSIRT-TEHTRIS. Requiring specific behavior may lower the quality of assistance CSIRT-TEHTRIS may provide. 4.3 Communication and Authentication For normal communication without any sensitive information, unencrypted e-mail may be used use but CSIRT-TEHTRIS strongly encourage customer to use encrypted email (through PGP) to exchange data with CSIRT-TEHTRIS.

5 Services 5.1 Pre-emptive Security Measures As the CSIRT-TEHTRIS services are delivered to TEHTRI-Security egambit customer, CSIRT-TEHTRIS will implement in egambit tool, or provide information to egambit developers, any technical security measure that may help to detect or block security threats, including emerging ones. 5.2 Incident Response CSIRT-TEHTRIS is mandated, by its customer, to be responsible for the coordination of security incidents somehow involving customers perimeters. The technical resolution of incident if operationally left to local customers administrators with CSIRT-TEHTRIS support. Without being exhaustive, following aspects are covered by CSIRT-TEHTRIS: 5.1.1 Incident Triage o Investigating whether indeed an incident occurred o Determining the extent of the incident. 5.1.2 Incident Coordination o Determining the initial cause of the incident (vulnerability exploited). o Facilitating contact with other sites, that may be involved. o Facilitating contact with appropriate law enforcement officials, if necessary. o Making reports to other CSIRTs. o Composing announcements to users, if applicable. 5.1.3 Incident Resolution o Providing action plan to remove the vulnerability and supporting local administrators to perform the action plan. o Providing action plan and support to help securing the system from the effects of the incident. o Evaluating whether certain actions are likely to reap results in proportion to their cost and risk o Providing action plan and support to collect any evidence after the fact in order to be used in criminal prosecution or any disciplinary action

5.3 Proactive Activities CSIRT-TEHTRIS performs the following proactive activities: Technology watch Intrusion detection Development of security tools Information about major security threats or vulnerabilities to its customers Training on security topics

6 Incident Reporting Forms No public form is proposed on our web site, to report incidents to CSIRT-TEHTRIS, but you can directly use the email contact with proper information when needed. egambit subscribers can use internal tools in egambit frontend to share events and needed information" In case of emergency or crisis, please provide to CSIRT-TEHTRIS at least the following information: Contact details and organizational information: name of person and organization name and address, email address, telephone number; IP address(es), FQDN(s), and any other relevant technical element with associated observation; Scanning results (if any) and/or any extract from the log showing the problem;

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information