CSIRT Description for GAZ-SYSTEM CERT
=====================================

1. About this document

This document contains a description of GAZ-SYSTEM CERT according to RFC 2350. It provides basic information about the CERT and the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of Last Update

This is version 1.00, published 2019/04/03.

Currently GAZ-SYSTEM CERT does not use any distribution lists to notify about changes in this document.

1.2 Distribution List for Notifications

Notifications of updates are submitted to Trusted Introducer by e-mail:

1.3 Locations where this Document May Be Found

The current version of this CSIRT description is available on the GAZ-SYSTEM CERT website at:
http://www.gaz-system.pl/cert/

Please make sure you are using the latest version.

1.4 Authenticating this Document

This document includes the GAZ-SYSTEM CERT PGP signature. The signature is also on our Web site, accessible as described in 2.8.

2. Contact Information

2.1 Name of the Team

"GAZ-SYSTEM CERT": Cybersecurity Incident Response Team - GAZ-SYSTEM CERT

2.2 Address

GAZ-SYSTEM CERT
ul. Mszczonowska 4,
02-337 Warszawa,
Poland

2.3 Time Zone

Central European Time (CET) - UTC+1
Central European Summer Time (CEST) - UTC+2
according to EU regulations (from the last Sunday of March to the last Sunday of October)

2.4 Telephone Number

+48 22 220 11 11

2.5 Facsimile Number

+48 22 220 16 06 (please note this is NOT a secure fax)

2.6 Other Telecommunication

None available.
2.7 Electronic Mail Address

cert@gaz-system.pl

2.8 Public Keys and Other Encryption Information

GAZ-SYSTEM CERT uses the PGP key:

User ID: GAZ-SYSTEM CERT
Key ID: B41CEA29945F06E5
Key type: RSA
Key size: 2048
Expires: 03/20/2021
Fingerprint: B63E DC0A E0EF D649 D7D4 FF09 19E2 57F3 0113 973D

This key can be obtained from directory servers or directly from our website:
http://www.gaz-system.pl/fileadmin/cert/gaz-system_cert_pgp-key.txt

2.9 Other Information

General information about OGP GAZ-SYSTEM S.A. can be found at
https://www.gaz-system.pl/o-firmie/informacje-podstawowe

2.10 Points of Customer Contact

GAZ-SYSTEM CERT prefers e-mail contact. Please use our cryptographic key above to ensure integrity and confidentiality.

Regular cases: Business hours response only: 08:00-16:00 local time, Monday-Friday, except public holidays in Poland.

Emergency cases: Use the GAZ-SYSTEM CERT phone number, backed up by e-mail for all details. The GAZ-SYSTEM CERT phone number is available at all times.

3. Charter

3.1 Mission Statement

Building GAZ-SYSTEM's competence and capabilities in avoiding, identifying and mitigating cyber threats, and supporting GAZ-SYSTEM in dealing with cyber threats. Contributing to national cybersecurity efforts.

3.2 Constituency

The GAZ-SYSTEM CERT constituency includes all IT systems owned and managed by GAZ-SYSTEM S.A.

3.3 Sponsorship and/or Affiliation

GAZ-SYSTEM CERT is affiliated with the Trusted Introducer (https://www.trusted-introducer.org).

3.4 Authority

GAZ-SYSTEM CERT handles and coordinates incidents on behalf of GAZ-SYSTEM and is bound by GAZ-SYSTEM's internal terms.

4. Policies

4.1 Types of Incidents and Level of Support

GAZ-SYSTEM CERT is authorized to address all types of computer security incidents which occur, or threaten to occur, in its constituency. All types of incidents and levels of support are defined in the Policy of Management for Cybersecurity Incidents for OGP GAZ-SYSTEM S.A.
The level of support given by GAZ-SYSTEM CERT varies depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and the availability of GAZ-SYSTEM's resources at the time. Incidents will be prioritized according to their severity and extent.

4.2 Co-operation, Interaction and Disclosure of Information

GAZ-SYSTEM CERT declares that all information related to the incidents it handles is considered Confidential. Information that is evidently sensitive or that may be harmful is handled only in a secure environment and is encrypted in storage and in transit. When reporting an incident and providing sensitive information, please use encryption or contact GAZ-SYSTEM CERT to arrange a different channel of secure communication.

GAZ-SYSTEM CERT declares full support for the Information Sharing Traffic Light Protocol (https://www.trusted-introducer.org/ISTLPv11.pdf). Information sent in and labelled according to ISTLP will be handled appropriately.

Information submitted to GAZ-SYSTEM CERT may be distributed on a need-to-know basis to trusted parties (such as ISPs, other CERT teams) for the sole purpose of incident handling.

4.3 Communication and Authentication

GAZ-SYSTEM CERT uses PGP encryption to ensure the confidentiality and integrity of communication. All sensitive information sent in should be encrypted. Messages regarding incidents sent by GAZ-SYSTEM CERT staff are signed with our main PGP key (see 2.8) and are encrypted when they contain sensitive information.

GAZ-SYSTEM CERT reserves the right to verify the authenticity of information or its source to the extent allowed by the law.

5. Services

5.1 Incident Response

GAZ-SYSTEM CERT will assist OGP GAZ-SYSTEM S.A. in handling the technical and organizational aspects of security incidents.
GAZ-SYSTEM CERT capabilities cover the full cycle of incident response:
- handling
- managing
- resolving
- mitigating

5.1.1 Incident Triage

- Prioritizing incidents according to their apparent severity and extent.
- Investigating whether an incident indeed occurred.
- Determining the extent of the incident.

5.1.2 Incident Coordination

Coordination of work carried out only within the internal structure of OGP GAZ-SYSTEM S.A.

5.1.3 Incident Resolution

- Advising and coordinating local teams on appropriate actions
- Following up on the progress of the local teams involved
- Asking for reports
- Reporting back

5.2 Proactive Activities

GAZ-SYSTEM CERT makes efforts to enhance its constituents' immunity to security incidents and to limit the impact of incidents that occur.

6. Incident Reporting Forms

The above-mentioned Policy of Management for Cybersecurity Incidents for OGP GAZ-SYSTEM S.A. also defines the set of information needed for reporting incidents to GAZ-SYSTEM CERT, but you can directly use the e-mail contact with the proper information when needed.

In case of emergency or crisis, please provide GAZ-SYSTEM CERT with at least the following information:
- Contact details and organizational information: name of person and organization name and address, email address, telephone number, IP address(es), FQDN(s), and any other relevant technical element with associated observation;
- Scanning results (if any) and/or any extract from the log showing the problem.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, GAZ-SYSTEM CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.