CSIRT Description for SOC24.PL
==============================

1. About this document

This document contains a description of SOC24.PL according to RFC 2350. It provides basic information about the SOC, the ways it can be contacted, describes its responsibilities and the services offered.

1.1 Date of Last Update

This is version 1.01, published on 2018-07-01.

1.2 Distribution List for Notifications

Notifications of updates are submitted to Trusted Introducer by e-mail:

1.3 Locations where this Document May Be Found

The current version of this CSIRT description document is available from the SOC24.PL website at:
https://www.soc24.pl/RFC2350.txt
Please make sure you are using the latest version.

1.4 Authenticating this Document

This document has been signed with a GPG key and its authenticity can be verified with the SOC24.PL GPG key as published in 2.8.

2. Contact Information

2.1 Name of the Team

SOC24.PL

2.2 Address

SOC24 Sp z o.o.

Primary Location:
537 Pulawska Street
02-844 Warsaw
Poland

Secondary location:
Stadhouderslaan 900
2382 BL Zoeterwoude-Rijndijk,
The Netherlands

2.3 Time Zone

Central European Time (CET) - UTC+1
Central European Summer Time (CEST) - UTC+2
according to EU regulations (from the last Sunday of March to the last Sunday of October)

2.4 Telephone Number

+48 22 4600785

2.5 Facsimile Number

+48 22 4600771 (please note this is NOT a secure fax)

2.6 Other Telecommunication

None available

2.7 Electronic Mail Address

soc@soc24.pl

2.8 Public Keys and Other Encryption Information

SOC24.PL uses the GPG key:

User ID: SOC24 Sp z o.o.
Key ID: 0x........
Key type: RSA
Key size: 4096
Expires: never
Fingerprint: ..............

This key can be retrieved from directory servers or directly from our website:
https://www.soc24.pl/soc.asc

2.9 Other Information

General information about SOC24.PL can be found at https://www.soc24.pl/

2.10 Points of Customer Contact

SOC24.PL prefers to receive incident reports via e-mail.
SOC24.PL's hours of operation are generally restricted to regular business hours (09:00-17:00 Monday to Friday except holidays).

3. Charter

3.1 Mission Statement

3.2 Constituency

Our constituency consists of the institutions (private, public or governmental) that have signed up for our Security Operation Center services. We continuously update our constituency according to the ASN, IP or domain data provided to us by our Customers.

3.3 Sponsorship and/or Affiliation

SOC24.PL is a part of NOMIOS group.

3.4 Authority

SOC24.PL handles and coordinates incidents on behalf of its Customers and is bound by contractual terms.

4. Policies

4.1 Types of Incidents and Level of Support

All incidents are by default normal priority unless contractual arrangements prioritize them otherwise. Incidents handled as a contribution to society are therefore treated as normal priority regardless of the label attached to the incident notification. SOC24.PL has the authority to decide whether increasing the priority to emergency is appropriate.

4.2 Co-operation, Interaction and Disclosure of Information

SOC24.PL declares that all information related to incidents handled is considered Confidential. Information that is evidently sensitive or that may be harmful is handled only in a secure environment and encrypted in storage and in transit.

When reporting an incident and providing sensitive information, please use encryption or contact SOC24.PL to arrange a different channel of secure communication.

SOC24.PL declares full support for the Information Sharing Traffic Light Protocol (https://www.trusted-introducer.org/ISTLPv11.pdf). Information sent in and labelled according to ISTLP will be handled appropriately.

Information submitted to SOC24.PL may be distributed on a need-to-know basis to trusted parties (such as ISPs, other CERT teams) for the sole purpose of incident handling.

SOC24.PL does not report incidents to Law Enforcement Agencies unless required by national law.
SOC24.PL cooperates with the LEAs only in the course of an official investigation or when instructed by a constituent to cooperate.

4.3 Communication and Authentication

SOC24.PL uses GPG encryption to ensure the confidentiality and integrity of communication. All sensitive information sent in should be encrypted.

Messages regarding incidents are sent by SOC24.PL staff signed with our main GPG key (see 2.8) and encrypted when they contain sensitive information.

SOC24.PL reserves the right to verify the authenticity of information or its source to the extent allowed by the law.

5. Services

5.1 Incident Response

SOC24.PL will assist organizations in handling the technical and organizational aspects of security incidents. SOC24.PL's capabilities cover the full cycle of incident response:

- Preparation
- Detection and Analysis
- Containment, Eradication and Recovery
- Lessons learned, Collected evidence analysis and Recommendation

5.2 Proactive Activities

SOC24.PL makes an effort to enhance constituents' immunity to security incidents and to limit the impact of incidents that occur.

6. Incident Reporting Forms

There are no specific forms developed for reporting incidents to SOC24.PL.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, SOC24.PL assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----