1 Information about this document

This document describes the computer security incident response service of the Escola Superior de Enfermagem de Lisboa in accordance with RFC 2350.

1.1 Date of last update

Version 1.1 published on 2025/01/28

1.2 Distribution lists for notifications

There is no distribution channel for notifying changes to this document. Updates to this document will be visible at the location indicated in point 1.3.

1.3 Access to this document

The Portuguese version of this document can be found at https://www.esel.pt/rfc2350
The English version of this document can be found at https://www.esel.pt/sites/default/files/rfc2350.txt

1.4 Authenticity of this document

For validation purposes, a GPG signed ASCII version of this document is located at https://www.esel.pt/sites/default/files/rfc2350.txt
The key used for signing is the CSIRT.ESEL key as listed under 2.8.

2 Contact information

2.1 Team name

CSIRT.ESEL

2.2 Postal address

Escola Superior de Enfermagem de Lisboa
Avenida Prof. Egas Moniz
1600-190 Lisbon
Portugal

2.3 Time zone

Portugal/WEST (GMT+0, GMT+1 in daylight saving time)

2.4 Telephone

+351 217 913 400

2.5 Fax

Not available

2.6 E-mail address

csirt@esel.pt

2.7 Other telecommunication

Not available

2.8 Public keys and cipher information

User ID: CSIRT.ESEL
Valid from: 24/01/2025 11:44
KeyID: 0xef9c4e94a7039b13
Fingerprint: 4BD595491FE4D5B57F8522B4EF9C4E94A7039B13
This key can be found at https://keyserver.ubuntu.com/

2.9 Team members

Coordination: Hugo Martins
Members: Diogo Marques, João Moreno, Mário Lopes

2.10 Other information

More information about CSIRT.ESEL can be found at https://www.esel.pt/csirt.

2.11 Means of contact for users

The preferred method of contact is the email indicated in section 2.6.

3 Guide

3.1 Mission

To ensure the protection, early detection and effective response to computer security incidents, with the aim of safeguarding the digital assets, confidentiality, integrity and availability of the critical information of the Lisbon School of Nursing.

3.2 Community served

The CSIRT.ESEL responds to computer security incidents within the Lisbon School of Nursing community, which includes its Users, Systems and Infrastructures, including devices belonging to a network or address block assigned to the Lisbon School of Nursing.

The IP address ranges covered by CSIRT.ESEL are as follows:

  2001:690:21ec::/48
  193.137.98.160/28
  193.137.95.96/28
  193.137.134.0/24
  193.137.135.128/26
  193.137.135.192/28
  193.137.94.192/26
  193.137.98.80/29
  193.137.59.96/29

3.3 Membership

CSIRT.ESEL is an integral service of the Lisbon School of Nursing. It maintains close coordination with the RCTS CERT (https://www.fccn.pt/seguranca/rcts-cert/).

3.4 Authority

CSIRT.ESEL is a service of the Lisbon School of Nursing, whose competence is delegated by the President of the Lisbon School of Nursing.

4 Policies

4.1 Types of incident and level of support

CSIRT.ESEL responds to all types of cybersecurity incident, from the following categories:

  a) Malicious Code
  b) Availability
  c) Information Collection
  d) Intrusion Attempt
  e) Intrusion
  f) Information Security
  g) Fraud
  h) Abusive Content
  i) Vulnerable

4.2 Cooperation, interaction and privacy policy

CSIRT.ESEL's privacy and data protection policy stipulates that sensitive information may be passed on to third parties, solely and exclusively in case of need and with the express prior authorization of the individual or entity to whom that information relates.

4.3 Communication and authentication

Of the means of communication made available by CSIRT.ESEL, telephone and unencrypted email are considered sufficient for the transmission of non-sensitive information.
The use of PGP encryption is mandatory for the transmission of sensitive information.

5 Services

5.1 Handling security incidents

CSIRT.ESEL provides an incident response coordination service between the entities involved. This coordination typically involves those responsible for the assets or network segment involved. Incident response coordination can be initiated by CSIRT.ESEL, for example in the event of a large-scale incident, or it can be requested by designated channels. Automatic data flows and reports will be handled in the most automated way possible.

Incident response coordination includes:

5.1.1 Incident triage

  1) Screening incident notifications, verifying their occurrence if possible;
  2) Determining the parties involved;
  3) Ascertaining the extent of the incident and priority analysis.

5.1.2 Liaison with other entities

  1) Contact with the parties involved so that they can investigate the incident in question and take the appropriate steps;
  2) Contacting other parties who can help resolve the incident;
  3) Sending a response to the original communication or other CSIRT teams.

CSIRT.ESEL acts as a central hub, with the ability to route incidents to the correct recipient in order to help and facilitate the resolution of security incidents.

5.1.3 Incident resolution

Monitor the progress of the teams responsible for the part of the infrastructure involved in the incident. If an incident is not resolved in a timely manner, CSIRT.ESEL may begin the process of blocking connectivity and/or analyzing devices involved in an incident.

5.2 Proactive activities

CSIRT.ESEL coordinates and maintains the following services to improve cybersecurity:

  1) Criticality analysis;
  2) Producing recommendations;
  3) Alert dissemination;
  4) Configuration and maintenance of security tools/applications;
  5) Intrusion detection analysis;
  6) Dissemination of security-related information;
  7) Searching for internal vulnerabilities;
  8) Collection of statistical data.

CSIRT.ESEL does not carry out the mitigation or resolution measures mentioned above. This is the responsibility of each person in charge of the affected assets.

6 Safeguarding liability

Although every precaution is taken in the preparation of the information disseminated either on the Internet portal or through the distribution lists, CSIRT.ESEL assumes no responsibility for errors, omissions or damage resulting from the use of this information.