1. Document Information
This document complies with RFC 2350.
1.1. Date of Last Update
This is version 1.1 published 2012/12/05.
1.2. Distribution List for Notifications
Notifications of updates are submitted to our constituency using established communication channels.
1.3. Locations where this Document May Be Found
The current version of this CSIRT description document is available from the CESICAT website; its URL is RFC2350-en.txt
2. Contact Information
2.1. Name of the Team
Fundació Centre de Seguretat de la Informació de Catalunya - Computer Emergency Response Team
Fundació Centre de Seguretat de la Informació de Catalunya
Carrer Salvador Espriu, 45
L’Hospitalet de Llobregat, 08908
2.3. Time Zone
Central European Time - CET (GMT+0100, and GMT+0200 from April to October)
2.4. Telephone Number
CERT emergency telephone number: +34 902 112 444
2.5. Other Telecommunication
2.6. Electronic Mail Address
<email@example.com> is a mail alias pointing to a ticketing tool managed by CESICAT-CERT staff.
2.7. Public Keys and Encryption Information
Please sign your messages using your own key which is verifiable using the public keyservers.
All members of CESICAT-CERT can read mail encrypted with the CESICAT-CERT PGP Operational Key so you may use it if you cannot find a key for a specific CESICAT-CERT member.
2.8. Team Members
No information is provided about the CESICAT-CERT team members in public.
2.9. Other Information
Further information about CESICAT can be found at: http://www.cesicat.cat/
CESICAT-CERT is accredited by the Trusted Introducer for CERTs in Europe; see https://www.trusted-introducer.org/teams/cesicat-cert.html for details.
CESICAT-CERT is a member of FIRST (Forum for Incident Response and Security Teams); see: http://www.first.org/members/teams/cesicat-cert for details.
2.11. Points of Customer Contact
The preferred method for contacting CESICAT-CERT is via e-mail.
- For general inquiries please send e-mail to firstname.lastname@example.org
- For Abuse or security issues please use: email@example.com
- For Network, server, or service issues please use: firstname.lastname@example.org
If it is not possible (or not advisable for security reasons) to use e-mail, CESICAT-CERT can be reached by telephone at any time (00:00 to 24:00 Monday to Sunday) on +34 902 112 444.
3.1. Mission Statement
CESICAT-CERT's goal is to perform security incident handling and coordination in the region of Catalonia (Spain), acting as a point of contact to report, identify and analyze the impact of incidents and new threats in order to provide effective solutions and mitigation strategies.
Our constituency covers multiple ranges of IP addresses and domains from its different communities in Catalonia:
- Public Administration
- Small and Medium Enterprises
3.2.1 Internet domain address
Catalonia ASN/IP address space:
- ASNs: AS13041, AS15633, AS16153, AS21193, AS43115, AS49638, AS51676, AS39551
- IP ranges: 220.127.116.11/16, 18.104.22.168/16, 22.214.171.124/16, 126.96.36.199/24, 188.8.131.52/24, 184.108.40.206/2
3.3. Sponsorship and/or Affiliation
CESICAT is a foundation mainly sponsored by the Generalitat de Catalunya (Catalonia Government) and other notable organizations (trustees) that are key players in the different communities covered by its scope:
- Generalitat de Catalunya
- Consorci Administració Oberta de Catalunya (AOC)
- Ajuntament de Reus
- Fundació Barcelona Digital Centre Tecnològic
The Information Security Centre of Catalonia (CESICAT) is the Catalan Government agency in charge of executing the National Plan for IT security approved by the Catalan Government on 17 March 2009. CESICAT-CERT acts as the incident response team covering the various subjects of its scope: Public Administration, Companies, Universities and Research centres and citizens.
In addition, the Catalan Government agreement GOV/103/2012 of 16th October established that CESICAT is the body in charge of planning, managing and controlling cybersecurity for the Generalitat de Catalunya and its public sector.
4.1. Types of Incidents and Level of Support
All incident reports received by CESICAT-CERT are analyzed, classified and prioritized according to the internal incident classification policy so that an efficient and appropriate level of service is provided.
However, the level of service (such as providing on-site support) depends on the specific service catalog and conditions established for that community, being greater for critical infrastructure and public administration areas such as central and local government and universities/research centers.
4.2. Co-operation, Interaction and Disclosure of Information
CESICAT's geographical constituency boundary is the region of Catalonia. It works closely with other related CSIRT teams in the State of Spain such as CCN-CERT (public administration), INTECO-CERT (SME and citizens) and IRIS-CERT (universities).
Cooperation agreements are in place with the local law enforcement agency Mossos d'Esquadra (CME), private-vendor CERT security programs, and Telco/Internet Service Providers from the CATNIX Internet Exchange Point.
CESICAT-CERT is willing to cooperate with any other security team that has incident activity or abuse complaints involving any of its constituency communities.
Information regarding an incident will always be classified as "Confidential" and therefore cannot be communicated to a third party without a prior adjustment that gives it a different level of confidentiality. Information classified as "not public" is protected with internal procedures defining aspects such as encryption and physical safe storage.
CESICAT-CERT will only provide information to other parties with the sole purpose of facilitating the tasks of containment, eradication and recovery of incidents under the general principle of providing the minimum information possible.
4.3. Communication and Authentication
See 2.8 above. Usage of PGP/GnuPG in all cases where sensitive information is involved is highly recommended.
5.1. Incident Response (Triage, Coordination and Resolution)
CESICAT-CERT can assist system administrators in handling the technical and organizational aspects of computer security incidents.
5.2. Proactive Activities
CESICAT-CERT will assist customer organizations in handling the technical and legal aspects of computer incidents.
Services mainly cover the following areas:
- Alerts and Warnings
- Incident Handling
- Incident analysis
- Incident remote response support and guidance
- Incident response coordination with third parties
- Incident response onsite and evidence acquisition
- Vulnerability Handling
- Vulnerability analysis
- Vulnerability response
- Vulnerability response coordination
- Devices Handling
- Devices analysis
- Devices response and coordination
- Forensic analysis
Other proactive services are provided from the Security Operations and Communications area, such as intrusion detection, vulnerability management, security awareness campaigns, etc.
In addition, CESICAT-CERT will collect statistics concerning incidents which occur within or involve its communities, and will notify them as necessary to assist them in protecting against known attacks.
To make use of CESICAT-CERT's incident response services, please send e-mail as per section 2.11 above. Please remember that the amount of assistance available will vary according to the parameters described in section 4.1.
6. Incident Reporting Forms
Not available. Preferably report using encrypted e-mail.
While every precaution will be taken in the preparation of information, notifications and alerts, CESICAT-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.