Description for Cybersecurity Team (English version)
====================================================

1. About this document

This document contains a description of the Cybersecurity Team of e-Zdrowie Center according to RFC 2350. It provides basic information about the Cybersecurity Team, the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of Last Update

This is version 1.2, published 2021/08/04.

1.2 Distribution List for Notifications

Currently Cybersecurity Team does not use any distribution lists to notify about changes in this document.

1.3 Location where this document may be found

The current version of this Cybersecurity Team description is available on the Centrum e-Zdrowia website at: https://www.cez.gov.pl/CSIRT/

1.4 Authenticating this Document

This document includes the Cybersecurity Team PGP signature. The signature is also on our Web site: https://www.cez.gov.pl/CSIRT/

2. Contact Information

2.1 Name of the Team

Short name: Cybersecurity Team
Full name: Cybersecurity Team of e-Zdrowie Center

2.2 Address

Centrum e-Zdrowia
Departament Bezpieczeństwa
ul. Stanisława Dubois 5a
00-184 Warszawa
Polska

2.3 Time zone

Central European Time (CET) - UTC+1
Central European Summer Time (CEST) - UTC+2 according to EU regulations (from the last Sunday of March to the last Sunday of October)

2.4 Telephone Number

+48 573 205 962

2.5 Other Telecommunication

None available

2.7 Electronic email address

All incident reports should be submitted to: csirt[at]cez.gov.pl

2.8 Public Keys and other Encryption Information

PGP Cybersecurity Team Key:
Key ID: A29B 48A5 1099 6DE8
Fingerprint: 6F6984C2E4AF849B697DAF16D2F81CCB20984DD6

The public key and its signature can be found on the Cybersecurity Team information page: https://www.cez.gov.pl/CSIRT/

2.9 Points of Contact

The preferred method for contacting Cybersecurity Team is via e-mail. For general inquiries please use the address: csirt[at]cez.gov.pl

3. Charter

3.1 Mission statement

Building the competence and capabilities of Centrum e-Zdrowia in avoiding, identifying and mitigating cyber threats.
Supporting Centrum e-Zdrowia in dealing with cyber threats.
Contributing to the national cybersecurity efforts.

3.2 Constituency

Cybersecurity Team constituency includes all IT systems owned and managed by Centrum e-Zdrowia.

3.3 Sponsorship and/or Affiliation

Cybersecurity Team operates within Centrum e-Zdrowia.

4. Policies

4.1 Types of Incidents and Level of Support

Cybersecurity Team is authorized to address all types of computer and network security incidents which might occur within the Centrum e-Zdrowia constituency (in the scope of services provided).

Cybersecurity Team prioritizes incidents according to their severity, extent and matter. Incidents are handled according to their priority.

The level of support provided by Cybersecurity Team will vary, depending on the severity and type of the issue, as well as other circumstances relevant to the case.

4.2 Co-operation, interaction and Disclosure of Information

Cybersecurity Team exchanges all information necessary for cooperation with other CSIRTs, as well as with affected parties' administrators. No personally identifying information (PII) is exchanged, unless explicitly authorized.

All sensitive data (such as PII, system configurations, known vulnerabilities with their locations, etc.) are encrypted if they must be transmitted over an unsecured environment.

4.3 Communication and authentication

Cybersecurity Team is bound to obey regulations and policies enforced in Poland and the EU covering sensitive information handling.

For normal communication not containing sensitive information, Cybersecurity Team might use conventional methods like unencrypted e-mail or telephone. For secure communication, PGP-encrypted e-mail will be used.

If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. TF-CSIRT, FIRST) or by other methods like call-back, mail-back or even a face-to-face meeting if necessary.

Cybersecurity Team also recognizes and supports the ISTLP (Information Sharing Traffic Light Protocol).

5. Services

5.1 Incident Response

Cybersecurity Team will assist Centrum e-Zdrowia in handling the technical and organizational aspects of security incidents. Cybersecurity Team capabilities cover the full cycle of incident response:
- handling
- managing
- resolving
- mitigating

5.1.1 Incident Detection and Analysis

- determining the authenticity of the incident
- severity assessment

5.1.2 Incident Coordination

Coordination of work carried out only within the internal structure of Centrum e-Zdrowia.

5.1.3 Incident Resolution

- technical assistance and investigation, which may include analysis of compromised systems
- eradication or elimination of the cause of a security incident (the vulnerability exploited), and its effects
- collection of evidence, to start legal action if necessary
- recommendation of security improvements to system administrators and CEZ management (post-mortem)
- making reports

5.2 Proactive activities

Cybersecurity Team makes efforts to enhance constituents' immunity to security incidents and to limit the impact of incidents that occur.

6. Incident Reporting

The above-mentioned Policy of Management for Cybersecurity Incidents for Centrum e-Zdrowia also defines the set of information needed for reporting incidents to Cybersecurity Team, but you can use the e-mail contact directly, with the proper information, when needed.

In case of emergency or crisis, please provide Cybersecurity Team with at least the following information:
- Contact details and organizational information: name of person and organization name and address, email address, telephone number, IP address(es), FQDN(s), and any other relevant technical element with associated observation;
- Scanning results (if any) and/or any extract from the log showing the problem.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, Cybersecurity Team assumes no responsibility for errors or omissions, or for damages resulting from the use of the information it provides.