Date: March, 15 2023 17:30:00 +0000
1. Information about this document
This document describes the incident response service from Polytechnic Institute of Bragança (IPB), which is a portuguese polytechnic institute located in the cities of Bragança, Mirandela and Chaves, according to the RFC2350.
1.1 Date of last update
Version 1.6 published in 2023/03/15.
1.2 Distribution list for notifications
There is no existing distribution channel for notifications of updates.
1.3 Access to the present document
An updated version of this document can be found at https://csirt.ipb.pt/rfc2350.
An updated Portuguese version of this document can be found at https://csirt.ipb.pt/pt/rfc2350.
1.4 Authenticity of this document
For validation purposes, a PGP signed ASCII version of this document is located at https://csirt.ipb.pt/rfc2350-en.txt. The key used for signing is the CSIRT@IPB and is available at 2.8.
2. Contact information
2.1 Team name
CSIRT@IPB - Computer Security Incident Response Team of Polytechnic Institute of Bragança.
CSIRT@IPB Polytechnic Institute of Bragança Campus de Santa Apolónia - 5300-253 Bragança Portugal
2.3 Time zone
Portugal/WEST (GMT+0, GMT+1 in Summer Time)
2.4 Phone number
+351 273 303 060
2.6 Other means of communication
2.7 Electronic mail address
Email address for notification of cybersecurity incidents: email@example.com
Email address for other CSIRT@IPB service-related matters: firstname.lastname@example.org
2.8 Public keys and encryption information
User ID: CSIRT@IPB - CSIRT Polytechnic Institute of Bragança email@example.com
Key ID: 0D367A3B Key type: RSA
Key size: 4096 Expires: never
Fingerprint: EBBA 3870 C79F 83BD 94EA F33C E386 9A79 0D36 7A3B
2.9 Team members
Coordination: Tiago Pedrosa
Members: Eduardo Manuel Mendes Costa, Nuno Gonçalves Rodrigues, Sérgio Paulo Perdigão do Vale
Collaborators: Diogo Alves, Jorge Loureiro
2.10 Other information
More information about CSIRT@IPB can be found at https://csirt.ipb.pt/.
2.11 Points of Customer Contact
The CSIRT@IPB has the following means of communication
Email address: firstname.lastname@example.org
Phone number: +351 273 303 060
3.1 Mission statement
The CSIRT@IPB has as a mission, to provide incident response services in informatics security, namely, handling and coordinating response incidents, audit tasks, provisioning with alerts and security recommendations and in promoting a culture of informatics security in IPB.
3.2 Community served
The CSIRT@IPB responds to informatics security incidents in the Polytechnic Institute of Bragança context. The IP address set that are in the handling scope of the CSIRT@IPB are:
3.3 Sponsorship and/or Affiliation
CSIRT@IPB is an integrated center in Computer Services of Polytechnic Institute of Bragança.
Member of the Academic CSIRT Network:
Member of CSIRT National Network:
CSIRT@IPB is a Polytechnic Institute of Bragança service, whose authority competence is defined in the internal dispatch.
4.1 Types of Incidents and Level of Support
O CSIRT@IPB handles every type of cybersecurity incident, namely, those that result in a security violation of the following types:
- Malicious Code
- Information Gathering
- Intrusion attempt
- Information Security
- Abusive content
The privacy and data protection policy of CSIRT@IPB predicts that sensitive information may be passed to third parties, solely and exclusively in a case of necessity and with the express prior authorization of the individual or entity to whom such information belongs.
4.3 Communication and authentication
From the means of communication provided by CSIRT@IPB, the phone number and unencrypted electronic mail are considered sufficient for the transmission of non-sensitive information. For the transmission of sensitive information the use of PGP ciphers is mandatory.
5.1 Incident Response
CSIRT@IPB plans to support the systems administrators in managing the technical and organizational aspects of security incidents. In particular, provisioning assistance and advice on the following aspects of incident management:
5.1.1 Incident Screening
Determine when an incident is authentic.
Evaluate and prioritize and incident.
5.1.2 Incident Coordination
- Determine the organizations involved.
- Contact the organizations involved to investigate the incident and take appropriate action.
- Facilitate the contact with other parties that can be of help in resolving incidents.
- Send reports to other CERTs.
- We classify ourselves as a hub of information that knows the institute and that can route information related to computer security incidents to other parties therefore facilitate its resolution.
5.1.3 Incident Resolution
- Advise local system administration teams of the appropriate actions and measures to be taken.
- Monitor the progress of system administration teams in relation to security issues.
- Request reports.
- Respond to requests.
- The CSIRT@IPB collects incident statistics in the context of its institution.
5.2 Proactive activities
CSIRT@IPB coordinates and maintains the following services to expand its capabilities:
- Configuration and maintenance of security tools, applications and infrastructures.
- Development of security solutions.
- Intrusion detection services.
- Security audits or evaluations.
- Dissemination of information related to security.
- Monitor technological evolution.
- Monitor tendencies.
6. Incident reporting forms
There are no local forms available.
While every precaution will be taken in the preparation of information, notifications and alerts, CSIRT@IPB assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.