1. DOCUMENT INFORMATION

This document contains a description of P3-CERT according to RFC 2350.
It provides basic information about the CSIRT and the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of Last Update

This is version 1.0, last update 24/05/2022.

1.2 Distribution List for Notifications

Notifications of updates are submitted to our constituency via the established communication channels.

2. CONTACT INFORMATION

2.1 Name of the Team

P3-CERT: Perseus Ciberseguridad CERT

2.2 Address

Parque Tecnológico de Bizkaia
Edificio 205B
48170 Zamudio, Bizkaia

2.3 Time Zone

Spain (CET/GMT+0100 and CEST/GMT+0200 from April to October)

2.4 Telephone Number

Regular telephone number: +34 944 360 504

2.5 Other Telecommunication

Videoconference options available upon request.

2.6 Electronic Mail Address

P3-CERT email address: cert@pers.eus
This is the email address for contacting CERT representatives for general purposes. Do not use it for incident reporting.

2.7 Public Keys and Other Encryption Information

The P3-CERT has the following PGP keys: cert@pers.eus
KeyID: 0x3023EDD3
Fingerprint: 2DB0B8F32A0C36B8E099C0CEAF0EB0123023EDD3
The key and its signature can be found at the usual large public key servers.

2.8 Team Members

No information is provided publicly.

2.9 Other Information

General information about the P3-CERT will be published on the Perseus website.

2.10 Points of Customer Contact

The P3-CERT constituency has high-priority contact methods available (email and phone) that allow more efficient analysis and resolution of incidents.
An incident report form is also publicly available at https://www.pers.eus/emergencias/

2.11 Operating hours

The hours of operation of the service will be from 08:00 to 18:00, Monday through Friday, except holidays.
The Incident Response Team is available to its constituency 24x7x365 through a security guard team, as well as publicly at https://www.pers.eus/emergencias/

3. CHARTER

3.1 Mission Statement

The purpose of the P3-CERT is to coordinate the resolution of IT security incidents affecting its constituency and to proactively help prevent such incidents from occurring to maintain the availability, integrity, and confidentiality of the information.

3.2 Constituency

P3-CERT is part of Perseus Ciberseguridad S.L. and therefore provides information security services to Perseus Ciberseguridad and its clients including both public and private companies and entities.

3.3 Authority

P3-CERT operates under the auspices of, and with authority delegated by, Perseus Ciberseguridad S.L.

4. POLICIES

4.1 Types of Incidents and Level of Support

P3-CERT is authorized to address all types of security incidents which occur, or threaten to occur, in its constituency.
P3-CERT will always provide incident response services to any constituent who requires them, time and resources permitting. The priority and level of support will vary depending on the type and severity of the incident, the type of constituent and the availability of resources at the time.

4.2 Co-operation, Interaction and Disclosure of Information

P3-CERT will cooperate with other organizations in the field of computer and network security. This cooperation often requires the exchange of vital information regarding security incidents and vulnerabilities. In such cases P3-CERT conforms to the Information Sharing Traffic Light Protocol (TLP).
Nevertheless, P3-CERT will protect the privacy of its constituency. Sensitive data (such as personal information about employees, system configurations, known vulnerabilities with their locations) will never be shared without express consent unless required by a court order.

4.3 Communication and Authentication

For transmission of low-sensitivity data, regular email or telephone are considered appropriate methods of communication. When confidential or high-sensitivity data must be exchanged, PGP (or any other encryption system) will be used. P3-CERT recognizes and adopts TLP (Traffic Light Protocol) for sharing and dissemination of information.

5. SERVICES

5.1 Reactive Services

This service may be initiated by third-party notification or by reviewing monitoring or intrusion detection system (IDS) logs and alerts.

5.1.1 Alerts and warnings monitoring

This involves disseminating information that describes an intruder attack, security vulnerability, intrusion alert, computer virus, or hoax, and providing any short-term recommended course of action for dealing with the resulting problem.

5.1.2 Incident and vulnerability handling

Incident handling involves receiving, triaging, and responding to requests and reports, as well as analyzing incidents and events. Vulnerability handling involves receiving information and reports about hardware and software vulnerabilities; analyzing the nature, mechanics, and effects of the vulnerabilities; and developing response strategies for detecting and repairing the vulnerabilities.

5.1.3 Incident response

P3-CERT will perform the following incident response activities (remotely, and on site if necessary):

  • Triage: Investigating whether an incident has indeed occurred and determining the extent of the incident.
  • Coordination: Determining the initial cause of the incident (whether a vulnerability was exploited), acting as an intermediary or facilitating contact with appropriate security services such as product manufacturer support technicians.
  • Incident analysis: Examining all available information and supporting evidence or artifacts related to an incident or event. It involves identifying the scope of the incident, the extent of damage caused by the incident, the nature of the incident, and available response strategies or workarounds.
  • Resolution: Removing the vulnerability, applying the necessary mitigation operations, and securing the system from the effects of the incident.

5.2 Proactive Services

P3-CERT will keep its constituency informed of recent vulnerabilities and risks, including recommendations and actions to mitigate the risk where its constituency is potentially affected.

5.2.1 Announcements

Announcements include intrusion alerts, vulnerability warnings, security advisories, etc. These announcements inform constituencies about new developments with medium to long-term impact, such as newly found vulnerabilities or intruder tools.

5.2.2 Security Audits or Assessments

This service provides a detailed review and analysis of a constituent's security infrastructure, based on the requirements defined by the organization or by other industry standards that apply.

5.2.3 Configuration and maintenance of security tools, infrastructures, and services

This service identifies or provides appropriate guidance on how to securely configure and maintain tools and the general computing infrastructure used by the P3-CERT constituency. Besides providing guidance, the P3-CERT may perform configuration updates and maintenance of security tools and services, such as IDS, network scanning or monitoring systems, filters, firewalls, virtual private networks (VPN), or authentication mechanisms.

5.2.4 Intrusion Detection Services

P3-CERT reviews existing IDS logs, analyzes and initiates a response for any events that meet their defined threshold, or forwards any alerts according to a pre-defined service level agreement or escalation strategy.

5.2.5 Security-Related Information Dissemination

This service provides constituencies with a comprehensive collection of useful information that aids in improving security. Such information might include reporting guidelines and contact information for the P3-CERT; archives of alerts, warnings, and other announcements; documentation about current best practices; general computer security guidance; policies, procedures, and checklists; patch development and distribution information; etc.

5.3 Security Quality Management Services

5.3.1 Risk Analysis

This service may be able to add value to risk analysis and assessments, which can improve the organization’s ability to assess real threats, provide realistic qualitative and quantitative assessments of the risks to information assets, and evaluate protection and response strategies.

5.3.2 Business Continuity and disaster recovery planning

Based on past occurrences and future predictions of emerging incident or security trends, more and more incidents have the potential to result in serious degradation of business operations. Therefore, planning efforts should consider P3-CERT and Perseus personnel experience and recommendations in determining how best to respond to such incidents to ensure the continuity of business operations.

5.3.3 Security Consulting

P3-CERT and Perseus personnel can be used to provide advice and guidance on the best security practices to implement for constituencies' business operations. Perseus is involved in preparing recommendations or identifying requirements for purchasing, installing, or securing new systems, network devices, software applications, or enterprise-wide business processes.

5.3.4 Awareness building

P3-CERT may be able to identify where constituencies require more information and guidance to better conform to accepted security practices and organizational security policies.

5.3.5 Education and Training

This service involves providing information to constituencies about computer security issues through seminars, workshops, courses, and tutorials.

6. INCIDENT REPORTING FORMS

An incident report form is available on https://www.pers.eus/emergencias/

7. DISCLAIMERS

While every precaution will be taken in the preparation of information, notifications and alerts, P3-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.