Svetainės struktūraGrįžti į pradinį puslapįENPaieška

SVDPT CERT apibūdinimas

 
Pradžia  Pradžia   Pradžia   Kodėl mes   Pradžia   SVDPT-CERT   Pradžia   SVDPT CERT apibūdinimas

CSIRT Description for SVDPT-CERT

 

1. About this document

 

1.1 Date of Last Update

This is version 1.0, published Oct 22 2012.

 

1.2 Distribution List for Notifications

SVDPT-CERT doesn't use any distribution list to notify about changes to this document.

 

1.3 Locations where this Document May Be Found

The current version of this CSIRT description document is available from the SVDPT-CERT www site; its URL is http://www.svdpt-cert.lt/index.php?n=31&l=LT. Please make sure you are using the latest version.

 

1.4 Authenticating this document

 

2. Contact Information

 

2.1 Name of the Team

SVDPT-CERT is computer emergency response team.

 

2.2 Address

SVDPT-CERT

PILIES STREET 23/15

01123 VILNIUS

Lithuania

 

2.3 Time Zone

Eastern Europe Time (GMT+0200, and GMT+0300 from April to October).

 

2.4 Telephone Number

+370 5 239 766

 

2.5 Facsimile Number

+370 5 279 13 31

 

2.6 Other Telecommunication

There is form in website http://www.svdpt-cert.lt/index.php?p=0&l=LT&n=9 through which clients can contact us.

 

2.7 Electronic Mail Address

<This is a mail alias that relays mail to the human(s) on duty for the SVDPT-CERT.

 

2.8 Public Keys and Other Encryption Information

The SVDPT-CERT has a PGP key, whose KeyID is 0xB21277F3 and whose fingerprint is 

F5CAFA1175D9E61859E9312008A3D4A6B21277F3 
The key and its signatures can be found at the usual large public key servers (such as pgp.mit.edu).

 

2.9 Team Members

SVDPT-CERT has three persons – SVDPT-CERT member.

 

2.10 Other Information

General information about the SVDPT-CERT , as well as links to various recommended security resources, can be found at http://www.svdpt-cert.lt .

 

2.11 Points of Customer Contact

The preferred method for contacting the SVDPT-CERT is via e-mail at <>;

e-mail sent to this address will handled by the responsible human.

If it is not possible (or not advisable for security reasons) to use e-mail, the SVDPT-CERT can be reached by telephone (8 5 239 1766 ) during regular office hours.

The SVDPT-CERT's hours of operation are generally restricted to regular business hours (08:00 to 17:00 Monday to Thursday; 08:00 to 15:45 Friday (Except national holidays)).

 

3. CHARTER

 

3.1 Mission Statement

SVDPT-CERT computer emergency response team's mission – information security incidents investigation, coordination and prevention.

 

3.2 Constituency

SVDPT-CERT's constituency is all organizations connected to SVDPT Network (AS6769).

 

3.3 Sponsorship and/or Affiliation

State enterprise “Infostruktūra” contains SVDPT-CERT.

In October 20 2009 SVDPT-CERT has become an accredited Trusted Introducer (TI) (TI - is the trusted backbone of the Security and Incident Response Team community in Europe) member.

 

3.4 Authority

SVDPT-CERT is subordinate by SE “Infostruktūra” management.

 

4. Policies

 

4.1 Types of Incidents and Level of Support

SVDPT-CERT is responsible for all types of computer security incidents and threats that have occurred or may occur SVDPT network.

SVDPT-CERT provided support level may vary from incident type and severity of the client and the resources available at the time, but in all cases will respond within one working day. Classification of incidents dealt with by the SVDPT-CERT:

  • Unsolicited e-mails;

  • Malicious software (Botnet);

  • Denial of service attack (DoS \ DDoS);

  • Malicious software (viruses);

  • Defacment;

  • Hijacking;

  • Manipulation;

  • and other.

 

4.2 Co-operation, Interaction and Disclosure of Information

All SVDPT-CERT received information is treated confidentially.

SVDPT-CERT will use the information only for information security incident resolution and only by the laws procedures will reveal the available information a third party.

SVDPT-CERT do not report incidents to law enforcement, unless required by the Lithuanian law. We are able to advise clients to inform law enforcement on serious incidents. SVDPT-CERT cooperate with law enforcement authorities only officially investigating incidents.

SVDPT-CERT does not communicate or provide information to the media.

 

4.3 Communication and Authentication

We recommend that you encrypt the information sent by e-mail using PGP/GPG encryption method. When SVDPT-CERT gets encrypted message, reply message is also encrypted. Communicating by telephone we can ask the person's name, job title and phone number for identification purpose.

 

5. Services

 

5.1 Incident Response

SVDPT-CERT carry out researchs and responds to the Lithuanian state institutions and local information security incidents.

 

5.1.1 Incident Triage

National computer systems and critical infrastructure facilities are considered as a priority.

 

5.1.2 Incident Coordination

SVDPT-CERT handle incident response coordination.

 

5.1.3 Incident Resolution

  • Provides guidance on how to eliminate vulnerabilities.
  • Evidences are collected for solving incidents.
  • Monitoring of various security tools.

 

5.2 Proactive Activities

SVDPT-CERT executes quality security management functions:

  • Business continuity and disaster recovery planning,

  • Risk analysis and information security consulting.

 

6. Incident Reporting Forms

SVDPT-CERT has created an online incident reporting form which is available at http://www.svdpt-cert.lt/index.php?p=0&l=LT&n=12. This is the most preferable way to report a computer security incident to SVDPT-CERT.

 

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, SVDPT-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.