CSIRT description for SK-CERT, National CSIRT of The Slovak Republic

1. Document Information

This document provides a formal description of SK-CERT based on RFC 2350.

1.1. Date of Last Update

This is version 1.2, published on April 1st, 2018.

1.2. Distribution List for Notifications

There is no distribution list for notifications about changes in this document.

1.3. Locations where this Document May be Found

The current version of this CERT description document is available on the SK-CERT site; its URL is: https://www.sk-cert.sk/o-nas/rfc2350/. Please make sure you are using the latest version of this document.

1.4. Authenticating this Document

For validation purposes, a GPG signed ASCII version of this document is located at https://www.sk-cert.sk/wp-content/uploads/2017/12/RFC2350.txt. The key used for signing is the SK-CERT key as listed under 2.8.

2. Contact Information

2.1. Name of the Team

SK-CERT – Slovak Computer Emergency Response Team

2.2. Address

SK-CERT
Národný bezpečnostný úrad (National Security Authority)
Budatínska 30
851 06 Bratislava
Slovak Republic

2.3. Time Zone

GMT01 (GMT02 with DST, which starts on the last Sunday in March and ends on the last Sunday in October)

2.4. Telephone Number

+421 2 6869 2858
+421 903 993 706

2.5. Fax Number

+421 2 6869 1700

2.6. Other Telecommunication

Not available at present.

2.7. Electronic Mail Address

Official e-mail address: sk-cert(at)nbu.gov.sk
Address for incident reporting: incident(at)nbu.gov.sk

2.8. Public Keys and Encryption Information

PGP/GnuPG is supported for secure communication.

SK-CERT PGP Key ID: 0xCF7496BD1A1A0ACD
SK-CERT PGP Key Fingerprint: D66E 619A E83A 8802 51A6 5AC7 CF74 96BD 1A1A 0ACD

The current SK-CERT team key can be found on this place. Please use this key when you want/need to encrypt messages that you send to SK-CERT. When due, SK-CERT will sign messages using the same key.
When due, please sign your messages using your own key; it helps when that key is verifiable using the public key servers.

2.9. Team Members

A complete list of SK-CERT members is not publicly available. If necessary, members of SK-CERT will identify themselves in particular situations, like incident reporting, response, coordination, support etc.

2.10. Other Information

General information about SK-CERT can be found at: https://www.sk-cert.sk

2.11. Points of Customer Contact

Regular cases: the preferred method for contacting SK-CERT is via e-mail at sk-cert(at)nbu.gov.sk.

Regular response hours: 24/7 service

EMERGENCY cases: if it is not possible (or not advisable for security reasons) to use e-mail, SK-CERT can be reached by the emergency telephone number: +421 903 993 706.

3. Charter

3.1. Mission Statement

SK-CERT is the National CSIRT of the Slovak Republic. SK-CERT's mission is to provide national-level CSIRT services, as well as distributing information and research.

SK-CERT performs the following tasks:

- is a Point of Contact for constituents and other partners,
- maintains foreign relations and communicates with foreign partners, with the global community of CERT/CSIRT teams, and with organizations supporting the community,
- cooperates with various entities across the country, such as organizations in critical infrastructure, security forces and organizations, ISPs, domain providers, content providers, banks and other financial institutions, the academic community, public authorities and other important institutions,
- provides security services such as:
  - proactive actions to prevent cyber security incidents, to prepare for such incidents and to reduce their impact,
  - coordination in case of cyber security incidents,
  - education, tutoring and training.

SK-CERT also handles incidents that originate in networks of the Slovak Republic and are reported to the team by any person or institution.

3.2. Constituency

The SK-CERT team constituency is located in the cyberspace of the Slovak Republic. SK-CERT is a national CSIRT, meaning that it provides services to all users and networks in:

- internet public ASN and IP addresses located/originated and/or operating in the Slovak Republic,
- domains under the .sk top level domain,
- domains under top level domains other than .sk which are in use or maintained by Slovak entities,
- parts of critical infrastructure not under the oversight of another designated CSIRT.

SK-CERT is capable of forwarding requests to sectorial CSIRTs.

3.3. Sponsorship and/or Affiliation

SK-CERT is a national CSIRT of Slovakia and was established as a department of the National Security Authority of the Slovak Republic.

3.4. Authority

The main authority of SK-CERT is to coordinate and support incident response for its constituency.

4. Policies

4.1. Types of Incidents and Level of Support

SK-CERT provides incident handling services for its constituency, with a level of support depending on the type and severity of the particular incident. The mode of incident handling and response also depends on the current personnel and technical resources and condition of SK-CERT.

4.2. Co-operation, Interaction and Disclosure of Information

SK-CERT actively cooperates with other domestic and foreign CSIRTs. SK-CERT exchanges all necessary information with constituents, partners and other CSIRTs. Incident handling and information sharing is done based on priority and sensitivity, within the boundaries of established law and the restrictions in Data Protection law. Encryption is used when dealing with sensitive data and information.

SK-CERT supports the Information Sharing Traffic Light Protocol (ISTLP): information that comes with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.

4.3. Communication and Authentication

For regular communication (not containing sensitive information), SK-CERT uses unencrypted e-mail or phone. For secure communication, PGP encrypted communication is used.

5. Services

5.1. Incident Response

Incident response by SK-CERT is based on cooperation and support in handling computer security incidents, distributing all important information to constituents and partners, and providing all necessary steps to reduce the impact of the incident. In incident response, SK-CERT respects these aspects:

5.1.1. Incident Triage

- Investigating whether an incident is indeed authentic
- Investigating whether an incident is still relevant
- Determining the extent of the incident
- Prioritizing the incident

5.1.2. Incident Coordination

- Determining the initial cause of the incident
- Determining the involved organizations and maintaining contact with them
- Investigating the incident and taking the appropriate steps in cooperation with involved organizations
- Facilitating contact with other parties which can help resolve the incident
- Facilitating contact with other sites which may be involved
- Facilitating contact with appropriate law enforcement officials, and media if necessary

5.1.3. Incident Resolution

- Collecting the evidence of the incident
- Sharing all important information with constituents and partners

SK-CERT will give advice and can establish cooperation and communication between involved parties, but provides no physical support.

SK-CERT also collects statistics about reported incidents and their resolution.

5.2. Proactive Activities

SK-CERT performs proactive services, mainly in the form of preventive measures. That includes:

- Announcements about existing vulnerabilities, hacking methods and malware types
- Technology watch
- Configuration and infrastructure maintenance
- Infiltration detection
- Information dissemination
- Threat monitoring in cyberspace (including internet, networks, IoT)
- Education and awareness raising in the field of information security
- Assistance with new CSIRT/CERT development at the national level

6. Incident Reporting Forms

If possible, please use the Incident Reporting Form available at https://sk-cert.sk.
Otherwise, write an e-mail with a detailed description of the incident to sk-cert(at)nbu.gov.sk.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, SK-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.