Description for Cybersecurity Team (English version) ======================================================= 1. About this document This document contains a description of Cybersecurity Team Exea Data Center according to RFC 2350. It provides basic information about the Cybersecurity Team, the ways it can be contacted, describes its responsibilities and the services offered. 1.1 Data ostatniej aktualizacji This is version 1.1, published 2022-09-14. 1.2 Distribution List for Notifications Currently Cybersecurity Team does not use any distribution lists to notify about changes in this document. 1.3 Location where this document may be found The current version of this Cybersecurity Team description is available on website at: https://exea.pl/zespol-cyberbezpieczenstwa/rfc2350_en.txt 2. Contact Information 2.1 Name of the Team Short name: CSIRT EXEA Full name: Exea Data Center Cybersecurity Team 2.2 Address Exea Data Center ul. W³oc³awska 167 87-100 Toruñ Poland 2.3 Time zone Central European Time (CET) - UTC+1 Central European Summer Time (CEST) - UTC+2 according to EU regulations (from the last Sunday of March to the last Sunday of October) 2.4 Telephone Number +48 56 699 54 00 2.5 Other Telecommunication None available 2.7 Electronic email address All incident reports shoud be submitted to: csirt[at]exea.pl 2.8 Public Keys and other Encryption Information PGP Cybersecurity Team Key: Key ID: 56BA B290 58FB 8F97 Fingerprint: F213 8A67 DB90 B475 ABF8 CB15 56BA B290 58FB 8F97 The public key and its signature can be found on Cybersecurity Team information page: https://exea.pl/zespol-cyberbezpieczenstwa 2.9 Points of Contact The preferred method for contacting with Cybersecurity Team is via e-mail. For general inquires please use adress: csirt[at]exea.pl 3. Charter 3.1 Mission statement Building competence and capabilities of Exea Data Center in avoiding, identifying and mitigating the cyber threats. Support of Exea Data Center in the dealing with cyber threats. Contribute to the national cybersecurity efforts. 3.2 Constituency Cybersecurity Team constituency includes all IT systems owned and managed by Exea Data Center. 3.3 Sponsorship and/or Affiliation Cybersecurity Team is operating within Exea Data Center. 4. Policies 4.1 Types of Incidents and Level of Support Cybersecurity Team is authorized to address all types of computer and network security incidents which might occur, at Exea Data Center constituency (in the scope of services provided). Cybersecurity Team prioritizes incidents accordingly to its severity, extend and matter. Incidents are handled accordingly to the priority. The level of support provided by Cybersecurity Team will vary, depending on the severity and type of the issue, as well as other circumstances relevant to case. 4.2 Co-operation, interaction and Disclosure of Information Cybersecurity Team exchanges all necessary to cooperation information with others CSIRT’s, as well as with affected parites’ administrators. No personally identifying information (PII) is exchanged, unless explicitly authorized. All sensitive data (such as PII, system configurations, known vulnerabilities with their locations, etc.) are encrypted, if they must be transmitted over unsecured environment. 4.3 Communication and authentication Cybersecurity Team is bound to obey regulations and policies enforced in Poland and EU covering sensitive information handling. For normal communication not containing sensitive information, Cybersecurity Team might use conventional methods like unencrypted e-mail or telephone. For secure communication PGP-encrypted e-mail will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. TF-CSIRT, FIRST) or by other methods like call-back, mail-back or even face-to-face meeting if necessary. Cybersecurity Team also recognizes and supports the ISTLP (Information Sharing Traffic Light Protocol). 5. Services 5.1 Incident Response Cybersecurity Team will assist Exea Data Center in handling the technical and organizational aspects of security incidents. Cybersecurity Team capabilities cover the full cycle of incident response: - handling - managing - resolving - mitigating 5.1.1 Incident Detection and Analysis - determining authenticity of the incident - severity assessment 5.1.2 Incident Coordination Coordination of works carried out only within the internal structure of the Exea Data Center. 5.1.3 Incident Resolution - technical assistance and investigation, which may include analysis of compromised systems - eradiction or elimination of the cause of a security incident (the vulnerability exploited), and its effects - collection of evidences, to start legal actions if necessary - recommendation of the security improvements to system administrators and Exea Data Center management (post-mortem) - making reports 5.2 Proactive activites Cybersecurity Team makes an efforts to enhance constituents immunity to security incidents and to limit the impact of incidents that occur. 6. Incident Reporting Mentioned above Policy of Management for Cybersecurity Incidents for Exea Data Center defines also information set needed for reporting the incidents to Cybersecurity Team, but you can directly use the e-mail contact with proper information when needed. In case of emergency or crisis, please provide to Cybersecurity Team at least the following information: Contact details and organizational information: name of person and organization name and address, email address, telephone number, IP address(es), FQDN(s), and any other relevant technical element with associated observation; Scanning results (if any) and/or any extract from the log showing the problem. 7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, Cybersecurity Team assumes no resposibility for errors or omissions, or for damages resulting from the use of the information it provides.