SI-CERT RFC 2350
1 Document Information
This document describes SI-CERT in accordance with RFC 2350.
1.1 Date of Last Update
Version 2.1, published on 12 December 2014.
1.2 Distribution List for Notifications
Changes to this document are not distributed by a mailing list.
1.3 Locations where this Document May Be Found
The document is located at the following address:
The latest version is available also upon request to cert(at)cert.si via electronic mail.
2 Contact Information
2.1 Name of the Team
SI-CERT: Slovenian Computer Emergency Response Team (English name)
SI-CERT: Slovenski odzivni center za kibernetsko varnost (Slovenian name)
ARNES, p.p. 7
2.3 Time Zone
- CET, Central European Time
(UTC+1, between last Sunday in October and last Sunday in March)
- CEST (also CET DST), Central European Summer Time
(UTC+2, between last Sunday in March and last Sunday in October)
2.4 Telephone Number
+386 1 479 88 22
2.5 Facsimile Number
+386 1 479 88 23
2.6 Other Telecommunication
2.7 Electronic Mail Address
2.8 Public Keys and Encryption Information
SI-CERT uses PGP for digital signatures and to receive encrypted information. The key is available on PGP/GPG keyservers and at http://www.cert.si/fileadmin/dokumenti/si-cert/si-cert-pgp.asc. Information about the key:
2.9 Team Members
Gorazd Božič is the Team Manager of SI-CERT. A full list of other members of SI-CERT is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.
2.10 Other Information
General information about SI-CERT in English language is available athttp://www.cert.si/en/. Information in Slovenian language including SI-CERT news and bulletins is available at http://www.cert.si/.
2.11 Points of Customer Contact
The preferred method of contacting SI-CERT is via e-mail at cert(at)cert.si. Office hours for SI-CERT are between 8:00 and 16:00 on working days. During office hours, SI-CERT staff is available via telephone. Outside office hours team member on duty regularly checks for reports directed to the mentioned e-mail address.
3.1 Mission Statement
SI-CERT offers assistance in computer and network security incident handling and provides incident coordination functions for all incidents involving systems and networks located in Slovenia. In various ways SI-CERT helps raising awareness on issues of network and information security and provides advisories and alerts to the general public.
SI-CERT is the Slovenian national CERT and its constituency includes all networks and users located in Slovenia.
3.3 Sponsorship and/or Affiliation
SI-CERT operates within the Academic and Research Network of Slovenia (ARNES), which is a not-for-profit public institution funded by the Directorate of Information Society, Ministry of Education, Science and Sports.
SI-CERT is the national CSIRT of Slovenia as defined in the Law on Information Security (Art. 28).
SI-CERT operates within ARNES (Academic and Research Network of Slovenia) within the Sector of National Internet Infrastructure. SI-CERT strives to maintain active cooperation and partnerships with all Slovenian ISPs, law-enforcement bodies and other stakeholders in the field of network and information security.
4.1 Types of Incidents and Level of Support
SI-CERT handles various types of security incidents that occur on network equipment or are performed using IP-based networks located in Slovenia. The level of support depends on the type of the incident and the severity as determined by SI-CERT staff.
4.2 Co-operation, Interaction and Disclosure of Information
SI-CERT treats all information included in the correspondence as confidential. Information will only be disclosed to other parties involved in the investigation of the reported incident. In such events any identifiable information that is not crucial to the investigation by the party involved will be anonymised.
SI-CERT discloses information to other bodies only in accordance with applicable Slovenian legislation when presented with a court order.
4.3 Communication and Authentication
The preferred method of communication is via e-mail. When the content is deemed sensitive enough or requires authentication, SI-CERT PGP key is used for signing e-mail messages. All sensitive communication to SI-CERT should be encrypted by the team’s PGP key. Alternative methods can be agreed on over the phone.
5.1 Incident Response
SI-CERT will assist anyone within the constituency in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
5.1.1. Incident Triage
- Investigating whether indeed an incident occured.
- Determining the extent of the incident.
5.1.2. Incident Coordination
- Determining the initial cause of the incident.
- Facilitating contact with other sites which may be involved.
- Making reports to other CSIRTs.
- Composing announcements to users, when applicable.
5.1.3. Incident Resolution
- Providing advice to the reporting party that will help removing the vulnerabilities that caused the incident and securing the systems from the effects of the incidents.
- Evaluating which actions are most suitable to provide desired results regarding the incident resolution.
- Provide assistance in evidence collection and data interpretation when needed.
5.2 Proactive Activities
- Awareness-raising program “Safe on the internet” (Varni na internetu)
SI-CERT is running the national awareness-raising program targeted at individual internet users and SMEs. Goals of the program are to provide efficient methods for risk identification and mitigation and to raise awareness via national campaigns.
- Information services
SI-CERT publishes advisories for events and incidents that are considered of special importance to users in the constituency. Information is disseminated via various channels (web, mailing lists, RSS feeds, Twitter feed).
- Training services
Pursuant to the Contract No. 4300-392/2013-2 between ARNES and Ministry of Defense, SI-CERT provides training in the area of incident handling and incident investigation for the members of Slovenian Armed Forces.
SI-CERT members give periodic lectures, seminars and workshops on network and information security topics.
6 Incident Reporting Forms
Reports are normaly sent to the e-mail address firstname.lastname@example.org, but can also be reported via the on-line form located at:
https://www.varninainternetu.si/prijavi-prevaro/ (in Slovenian language only).
While every precaution will be taken in the preparation of information, notifications and alerts, SI-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.