Description for Cybersecurity Team (English version)
=======================================================

1. About this document

This document contains a description of the Cybersecurity Team of the e-Zdrowie Center according to RFC 2350. It provides basic information about the Cybersecurity Team, the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of Last Update

This is version 1.3, published 2024/19/11.

1.2 Distribution List for Notifications

Currently the Cybersecurity Team does not use any distribution lists to notify about changes in this document.

1.3 Location where this document may be found

The current version of this Cybersecurity Team description is available on the Centrum e-Zdrowia website at: https://cez.gov.pl/pl/page/kontakt

1.4 Authenticating this Document

This document includes the Cybersecurity Team PGP signature. The signature is also on our Web site: https://cez.gov.pl/pl/page/kontakt

2. Contact Information

2.1 Name of the Team

Short name: CSIRT-CEZ
Full name: Sectoral Computer Security Incident Response Team

2.2 Address

Centrum e-Zdrowia
CSIRT Division
ul. Stanisława Dubois 5a
00-184 Warszawa
Polska

2.3 Time zone

Central European Time (CET) - UTC+1
Central European Summer Time (CEST) - UTC+2 according to EU regulations (from the last Sunday of March to the last Sunday of October)

2.4 Telephone Number

+48 573 205 962

2.5 Other Telecommunication

None available

2.7 Electronic email address

All incident reports should be submitted to: csirt[at]cez.gov.pl

2.8 Public Keys and other Encryption Information

PGP Cybersecurity Team Key:
Key ID: 784E 6C77 8BBC 67EE
Fingerprint: 37C775358972DE361DC2D78C784E6C778BBC67EE

The public key and its signature can be found on the Cybersecurity Team information page: https://cez.gov.pl/pl/page/kontakt

2.9 Points of Contact

The preferred method for contacting the Cybersecurity Team is via e-mail. For general inquiries please use the address:

3. Charter

3.1 Mission statement

Building the competence and capabilities of Centrum e-Zdrowia in avoiding, identifying and mitigating cyber threats. Supporting Centrum e-Zdrowia in dealing with cyber threats. Contributing to the national cybersecurity efforts.

3.2 Constituency

The Cybersecurity Team constituency includes all IT systems owned and managed by Centrum e-Zdrowia.

3.3 Sponsorship and/or Affiliation

The Cybersecurity Team operates within Centrum e-Zdrowia.

4. Policies

4.1 Types of Incidents and Level of Support

The Cybersecurity Team is authorized to address all types of computer and network security incidents that might occur within the Centrum e-Zdrowia constituency (within the scope of services provided). The Cybersecurity Team prioritizes incidents according to their severity, extent, and matter. Incidents are handled according to their priority. The level of support provided by the Cybersecurity Team will vary depending on the severity and type of the issue, as well as other relevant circumstances.

4.2 Co-operation, interaction and Disclosure of Information

The Cybersecurity Team exchanges all necessary information for cooperation with other CSIRTs, as well as with the administrators of affected parties. No personally identifying information (PII) is exchanged unless explicitly authorized. All sensitive data (such as PII, system configurations, known vulnerabilities with their locations, etc.) are encrypted if they must be transmitted over an unsecured environment.

4.3 Communication and authentication

The Cybersecurity Team is bound to obey regulations and policies enforced in Poland and the EU regarding sensitive information handling. For normal communication not containing sensitive information, the Cybersecurity Team might use conventional methods like unencrypted email or telephone. For secure communication, PGP-encrypted email will be used.
If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g., TF-CSIRT, FIRST) or by other methods like call-back, mail-back, or even face-to-face meetings if necessary. The Cybersecurity Team also recognizes and supports the ISTLP (Information Sharing Traffic Light Protocol).

5. Services

5.1 Incident Response

The Cybersecurity Team will assist Centrum e-Zdrowia in handling the technical and organizational aspects of security incidents. The Cybersecurity Team's capabilities cover the full cycle of incident response:

- handling
- managing
- resolving
- mitigating

5.1.1 Incident Detection and Analysis

- determining authenticity of the incident
- severity assessment

5.1.2 Incident Coordination

Coordination of work carried out only within the internal structure of Centrum e-Zdrowia.

5.1.3 Incident Resolution

- technical assistance and investigation, which may include analysis of compromised systems
- eradication or elimination of the cause of a security incident (the vulnerability exploited), and its effects
- collection of evidence, to start legal action if necessary
- recommendation of security improvements to system administrators and CEZ management (post-mortem)
- making reports

5.2 Proactive Activities

The Cybersecurity Team makes an effort to enhance constituents' immunity to security incidents and to limit the impact of incidents that occur.

6. Incident Reporting

The Policy of Management for Cybersecurity Incidents for Centrum e-Zdrowia, mentioned above, also defines the set of information needed for reporting incidents to the Cybersecurity Team, but you can directly use the e-mail contact with the proper information when needed.
In case of emergency or crisis, please provide the Cybersecurity Team with at least the following information:

- Contact details and organizational information: name of person and organization name and address, email address, telephone number, IP address(es), FQDN(s), and any other relevant technical element with associated observation;
- Scanning results (if any) and/or any extract from the log showing the problem.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, the Cybersecurity Team assumes no responsibility for errors or omissions, or for damages resulting from the use of the information it provides.