SI-CERT RFC 2350

1 Document Information

This document describes SI-CERT in accordance with RFC 2350.

1.1  Date of Last Update

Version 2.1, published on 12 December 2014.

1.2  Distribution List for Notifications

Changes to this document are not distributed by a mailing list.

1.3  Locations where this Document May Be Found

The document is located at the following address:

http://www.cert.si/en/detailed-information-rfc-2350.html

The latest version is also available upon request by e-mail to cert(at)cert.si.

2 Contact Information

2.1  Name of the Team

SI-CERT: Slovenian Computer Emergency Response Team (English name)

SI-CERT: Slovenski odzivni center za omrežne incidente  (Slovenian name)

2.2  Address

SI-CERT
ARNES, p.p. 7
SI-1001 Ljubljana
Slovenia

2.3  Time Zone

  • CET, Central European Time
    (UTC+1, between last Sunday in October and last Sunday in March)
  • CEST (also CET DST), Central European Summer Time
    (UTC+2, between last Sunday in March and last Sunday in October)

2.4  Telephone Number

+386 1 479 88 22

2.5  Facsimile Number

+386 1 479 88 23

2.6  Other Telecommunication

None.

2.7  Electronic Mail Address

cert(at)cert.si

2.8  Public Keys and Encryption Information

SI-CERT uses PGP for digital signatures and to receive encrypted information. The key is available on PGP/GPG keyservers and at http://www.cert.si/fileadmin/dokumenti/si-cert/si-cert-pgp.asc. Information about the key:

pub   1024D/7231E551 2010-03-16
Key fingerprint = 9FBE 795D C4A8 0D60 9568  32FA A9F9 8661 7231 E551
uid                  SI-CERT <si-cert(at)arnes.si>
uid                  SI-CERT <cert(at)cert.si>
uid                  SI-CERT <info(at)cert.si>

 

2.9  Team Members

Gorazd Božič is the Team Manager of SI-CERT. A full list of other members of SI-CERT is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.

2.10 Other Information

General information about SI-CERT in English is available at http://www.cert.si/en/. Information in Slovenian, including SI-CERT news and bulletins, is available at http://www.cert.si/.

2.11 Points of Customer Contact

The preferred method of contacting SI-CERT is via e-mail at cert(at)cert.si. Office hours for SI-CERT are between 8:00 and 16:00 on working days. During office hours, SI-CERT staff are available via telephone. Outside office hours, the team member on duty regularly checks for reports directed to the mentioned e-mail address.

3 Charter

3.1  Mission Statement

SI-CERT offers assistance in computer and network security incident handling and provides incident coordination functions for all incidents involving systems and networks located in Slovenia. In various ways SI-CERT helps raise awareness of network and information security issues and provides advisories and alerts to the general public.

3.2  Constituency

SI-CERT is the Slovenian national CERT and its constituency includes all networks and users located in Slovenia.

3.3  Sponsorship and/or Affiliation

SI-CERT operates within the Academic and Research Network of Slovenia (ARNES), which is a not-for-profit public institution funded by the Directorate of Information Society, Ministry of Education, Science and Sports.

3.4  Authority

SI-CERT operates with the authority of ARNES as its parent organization. SI-CERT strives to maintain active cooperation and partnerships with all Slovenian ISPs, law-enforcement bodies and other stakeholders in the field of network and information security.

Pursuant to resolution 38600-3/2009/21 of the Government of the Republic of Slovenia dated 8 April 2010, SI-CERT undertakes the duties of the response centre for incidents in state and public administration systems (Government CERT).

Article 81 of the Electronic Communications Act (Ur. l. št. 109/2012) defines SI-CERT as the national contact point for incident handling in electronic networks.

 

4 Policies

4.1  Types of Incidents and Level of Support

SI-CERT handles various types of security incidents that occur on network equipment or are performed using IP-based networks located in Slovenia. The level of support depends on the type of the incident and the severity as determined by SI-CERT staff.

4.2  Co-operation, Interaction and Disclosure of Information

SI-CERT treats all information included in the correspondence as confidential. Information will only be disclosed to other parties involved in the investigation of the reported incident. In such events any identifiable information that is not crucial to the investigation by the party involved will be anonymised.

SI-CERT discloses information to other bodies only in accordance with applicable Slovenian legislation when presented with a court order.

4.3  Communication and Authentication

The preferred method of communication is via e-mail. When the content is deemed sensitive enough or requires authentication, the SI-CERT PGP key is used for signing e-mail messages. All sensitive communication to SI-CERT should be encrypted with the team’s PGP key. Alternative methods can be agreed on over the phone.

5 Services

5.1  Incident Response

SI-CERT will assist anyone within the constituency in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1.1. Incident Triage

  • Investigating whether an incident indeed occurred.
  • Determining the extent of the incident.

5.1.2. Incident Coordination

  • Determining the initial cause of the incident.
  • Facilitating contact with other sites which may be involved.
  • Making reports to other CSIRTs.
  • Composing announcements to users, when applicable.

5.1.3. Incident Resolution

  • Providing advice to the reporting party that will help remove the vulnerabilities that caused the incident and secure the systems from the effects of the incident.
  • Evaluating which actions are most suitable to provide the desired results regarding incident resolution.
  • Providing assistance in evidence collection and data interpretation when needed.

5.2  Proactive Activities

  • Awareness-raising program “Safe on the internet” (Varni na internetu)
    SI-CERT runs the national awareness-raising program targeted at individual internet users and SMEs. The goals of the program are to provide efficient methods for risk identification and mitigation and to raise awareness via national campaigns.
  • Information services
    SI-CERT publishes advisories for events and incidents that are considered of special importance to users in the constituency. Information is disseminated via various channels (web, mailing lists, RSS feeds, Twitter feed).
  • Training services
    Pursuant to Contract No. 4300-392/2013-2 between ARNES and the Ministry of Defense, SI-CERT provides training in the area of incident handling and incident investigation for members of the Slovenian Armed Forces.
    SI-CERT members give periodic lectures, seminars and workshops on network and information security topics.

6 Incident Reporting Forms

Reports are normally sent to the e-mail address cert@cert.si, but can also be submitted via the on-line form located at:

https://www.varninainternetu.si/prijavi-prevaro/ (in Slovenian language only).

7 Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, SI-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.