CSIRT Description for CSIRT e-Zdrowia (English version)
=======================================================

1. About this document

This document contains a description of CSIRT e-Zdrowia according to RFC 2350. It provides basic information about the CSIRT and the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of Last Update

This is version 1.1, published 2020/06/30.

1.2 Distribution List for Notifications

Currently CSIRT e-Zdrowia does not use any distribution lists to notify about changes in this document.

1.3 Location where this document may be found

The current version of this CSIRT description is available on the Centrum e-Zdrowia website at: https://www.csioz.gov.pl/CSIRT/

1.4 Authenticating this Document

This document includes the CSIRT e-Zdrowia PGP signature. The signature is also on our Web site: https://www.csioz.gov.pl/CSIRT/

2. Contact Information

2.1 Name of the Team

Short name: CSIRT e-Zdrowia
Full name: Cyber Security Response Team of e-Zdrowie Center

2.2 Address

Centrum e-Zdrowia
Departament Bezpieczeństwa
ul. Stanisława Dubois 5a
00-184 Warszawa
Polska

2.3 Time zone

Central European Time (CET) - UTC+1
Central European Summer Time (CEST) - UTC+2, according to EU regulations (from the last Sunday of March to the last Sunday of October)

2.4 Telephone Number

+48 22 597 09 27

2.5 Other Telecommunication

None available

2.7 Electronic email address

All incident reports should be submitted to: csirt[at]csioz.gov.pl

2.8 Public Keys and other Encryption Information

PGP CSIRT e-Zdrowia Key:
Key ID: A29B 48A5 1099 6DE8
Fingerprint: 6F6984C2E4AF849B697DAF16D2F81CCB20984DD6

The public key and its signature can be found on the CSIRT e-Zdrowia information page: https://www.csioz.gov.pl/CSIRT/

2.9 Points of Contact

The preferred method for contacting CSIRT e-Zdrowia is via e-mail. For general inquiries please use the address: csirt[at]csioz.gov.pl

3. Charter

3.1 Mission statement

Building the competence and capabilities of Centrum e-Zdrowia in avoiding, identifying and mitigating cyber threats. Supporting Centrum e-Zdrowia in dealing with cyber threats. Contributing to the national cybersecurity efforts.

3.2 Constituency

The CSIRT e-Zdrowia constituency includes all IT systems owned and managed by Centrum e-Zdrowia.

3.3 Sponsorship and/or Affiliation

CSIRT e-Zdrowia operates within Centrum e-Zdrowia.

4. Policies

4.1 Types of Incidents and Level of Support

CSIRT e-Zdrowia is authorized to address all types of computer and network security incidents which might occur within the Centrum e-Zdrowia constituency (in the scope of services provided).

CSIRT e-Zdrowia prioritizes incidents according to their severity, extent and subject matter. Incidents are handled according to their priority.

The level of support provided by CSIRT e-Zdrowia will vary depending on the severity and type of the issue, as well as other circumstances relevant to the case.

4.2 Co-operation, interaction and Disclosure of Information

CSIRT e-Zdrowia exchanges all information necessary for cooperation with other CSIRTs, as well as with affected parties' administrators. No personally identifying information (PII) is exchanged unless explicitly authorized.

All sensitive data (such as PII, system configurations, known vulnerabilities with their locations, etc.) are encrypted if they must be transmitted over an unsecured environment.

4.3 Communication and authentication

CSIRT e-Zdrowia is bound to obey the regulations and policies enforced in Poland and the EU covering the handling of sensitive information.

For normal communication not containing sensitive information, CSIRT e-Zdrowia might use conventional methods like unencrypted e-mail or telephone. For secure communication, PGP-encrypted e-mail will be used.

If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. TF-CSIRT, FIRST) or by other methods like call-back, mail-back or even a face-to-face meeting if necessary.

CSIRT e-Zdrowia also recognizes and supports the ISTLP (Information Sharing Traffic Light Protocol).

5. Services

5.1 Incident Response

CSIRT e-Zdrowia will assist Centrum e-Zdrowia in handling the technical and organizational aspects of security incidents. CSIRT e-Zdrowia capabilities cover the full cycle of incident response:

- handling
- managing
- resolving
- mitigating

5.1.1 Incident Detection and Analysis

- determining the authenticity of the incident
- severity assessment

5.1.2 Incident Coordination

Coordination of work carried out only within the internal structure of Centrum e-Zdrowia.

5.1.3 Incident Resolution

- technical assistance and investigation, which may include analysis of compromised systems
- eradication or elimination of the cause of a security incident (the vulnerability exploited), and its effects
- collection of evidence, to start legal actions if necessary
- recommendation of security improvements to system administrators and CSIOZ management (post-mortem)
- making reports

5.2 Proactive activities

CSIRT e-Zdrowia makes efforts to enhance its constituents' immunity to security incidents and to limit the impact of incidents that occur.

6. Incident Reporting

The Policy of Management for Cybersecurity Incidents for Centrum e-Zdrowia mentioned above also defines the set of information needed for reporting incidents to CSIRT e-Zdrowia, but you can directly use the e-mail contact with the proper information when needed.

In case of emergency or crisis, please provide CSIRT e-Zdrowia with at least the following information:

- Contact details and organizational information: name of person and organization name and address, email address, telephone number, IP address(es), FQDN(s), and any other relevant technical element with associated observation;
- Scanning results (if any) and/or any extract from the log showing the problem.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CSIRT e-Zdrowia assumes no responsibility for errors or omissions, or for damages resulting from the use of the information it provides.