DOCUMENT INFORMATION

This document contains a description of SOC CSIRT Ci2 in accordance with RFC 2350. It provides basic information about SOC CSIRT Ci2, its communication channels, its roles and responses.
 
Date of last update:
 
Version 3.0: 2019/07/31 update
Version 2.0: 2018/12/13 update
Version 1.0: 2016/08/22 initial
 
Distribution List:
 
It is kept updated in the location specified in section 1.3.

Questions about updates should be sent to the SOC CSIRT Ci2 team's email addresses: elio.jerez@ci2.co, alexander.ruiz@ci2.co, Miller.linares@ci2.co and team-soc.csirt@ci2.co
 
Document Location:
 
The current version of the document is available on the Intranet and the website:
https://ci2.co/soc-csirt-ci2 (under construction)
 
Make sure you are using the latest version.
 
Document Authentication:
 
Not available

CONTACT INFORMATION
 
Team Name:

SOC CSIRT Ci2, Computer Security Incident Response Team of Compañía Internacional de Integración S.A.

Address:

Compañía Internacional de Integración
Av. calle 26 No. 96j-66
Complejo Empresarial Optimus
Bogotá D.C. – Colombia

Time Zone: UTC-5 (GMT-5)
Telephone Number: (+571) 5552353
Fax Number: Not available
Other Communications: Not available
E-mail: team-soc.csirt@ci2.co
 
Public keys and encryption information:
 
1- Encrypted communications with elio.jerez@ci2.co should use this key:
 
Name (1): Elio Jerez
E-mail (1): elio.jerez@ci2.co
Public PGP key (1):


2- Encrypted communications with alexander.ruiz@ci2.co should use this key:

Name (2): Alexander Ruiz
E-mail (2): alexander.ruiz@ci2.co
Public PGP key (2):


3- Encrypted communications with miller.linares@ci2.co should use this key:

Name (3): Miller Linares
E-mail (3): miller.linares@ci2.co
Public PGP key (3):


Team Members

  • Ing. Elio Armando Jerez Silva
  • Ing. Alexander Ruiz Ramírez
  • Ing. Miller Linares Castellanos

More Information:

General information about the SOC CSIRT Ci2 and security recommendations can be found at https://ci2.co/soc-csirt-ci2

Office Hours:
 
From Monday to Friday from 8:00 to 12:00 and from 13:00 to 17:00. 
 
Customer contact point
 
For incident reporting, you can use channels such as email or telephone to contact the SOC CSIRT Ci2 team.

CONSTITUTION

The Computer Security Incident Response Team of Compañía Internacional de Integración S.A., “SOC CSIRT Ci2”, is part of the MIST Process (Integrated Technology Systems Monitoring). It attends to, prevents and responds to incidents, supporting our stakeholders and contributing to the protection of the technological infrastructure that supports information and its most valuable information assets, thereby mitigating the adverse impact that could result from the materialization of risks related to computer security.

Mission

Position and consolidate “SOC CSIRT Ci2” as a reference and single point of contact for attending to, preventing and responding to security incidents affecting the organization and our stakeholders, maintaining our commitment to the environment and people's safety, and directing efforts to guarantee the conditions necessary to secure the technological platform of Ci2 S.A. and to support interested parties.
 
The general objective of SOC CSIRT Ci2 is:
 

  • Strengthen the human team of Ci2 S.A. for the prevention, investigation and handling of security incidents that threaten the confidentiality, availability and integrity of information.

 
The strategic objectives of SOC CSIRT Ci2 are:
 
  • Be the only point of contact to report emerging threats and/or information security incidents.
  • Provide advice and support to organizations in general in protecting against threats and/or risks associated with information security.
  • Strengthen the procedures for handling information security incidents through the use of standards and good practices that permeate the internal corporate environment and the stakeholders.
  • Establish strategic collaboration alliances for the coordination and management of security incidents with the different national and international CSIRTs (when required), to consolidate mechanisms of mutual aid in matters of information security.
  • Deepen awareness of information security.
  • Develop strategies to generate recommendations for users and to disseminate and provide a system of early alerts and announcements that help prevent the risks associated with information security.

Community to which it provides Services

All officials of the different processes (areas) of Ci2 S.A. and interested parties.
Government institutions and private companies.

Sponsorship / Affiliation

The Computer Security Incident Response Team of Compañía Internacional de Integración S.A., “SOC CSIRT Ci2”, is part of the MIST Process (Integrated Technology Systems Monitoring). It is a global team of engineers that provides services within the organization and to external clients to help protect information assets.

SOC CSIRT Ci2 is sponsored by the CSIRT-ETB and ShieldNow teams and, in addition, maintains communication with several CSIRTs as deemed necessary.

Authority

SOC CSIRT Ci2 manages, investigates and resolves security incidents under the direction of MIST, and within the scope of the internal corporate policies of Ci2 S.A. and the applicable Colombian legal framework.

POLICIES

Type of Incidents and Level of Support

The SOC CSIRT Ci2 team is responsible for managing and resolving all incidents reported by the administrators of the critical infrastructure services of Ci2 S.A., as well as the reports from contact points that are escalated through the contact channels set out in section “2.12. Contact points for customers”.
 
The level of support provided by SOC CSIRT Ci2 and its response time will depend on the severity of the reported incident, the workload of the team and the integrity of the information available.
 
The severity of incidents will be determined using criteria established by SOC CSIRT Ci2; the response will be based on the use of an incident management methodology.
 
When necessary, the SOC CSIRT Ci2 will provide the necessary information to the system administrators about the security measures that must be taken into account in the activities they perform.
 
It is the responsibility of the SOC CSIRT Ci2 to keep those affected informed of possible vulnerabilities before they are exploited, through security bulletins and alerts sent periodically.

Cooperation, Interaction and Dissemination of Information

Information will be handled with absolute confidentiality in accordance with the Incident Management policies and procedures established for the CSIRT, the cooperation agreements established with other CSIRT teams, the internal policies and procedures of Ci2 S.A. and the applicable regulations in Colombia. If information is published, this will be done with the prior authorization of its owners; if this is not complied with, the case will be handled according to the policies established by Ci2 S.A. and by the Team for these cases.

Communication and Authentication

See section “2.8. Public keys and information encryption”. In cases involving confidential information, encrypting messages with PGP is recommended.

SERVICES

Incident Response
 
The SOC CSIRT Ci2 team will assist in the tasks related to handling and responding to incidents according to the methodologies used to manage them. SOC CSIRT Ci2 will provide assistance in handling incidents regarding:
 
Incident Triage

  • Determine if an incident has occurred and its risks.
  • Classification of the incident according to the categorization of incidents defined in the SOC CSIRT Ci2.
  • Correlation of information.

Incident Coordination

  • Determine causes of the incident.
  • Information on the categorization of the incident.
  • Facilitate contact with other sites that may be involved, according to procedures established in the SOC CSIRT Ci2.
  • Reports to other teams, if necessary.
  • Issuance of announcements to users.

 
Incident Resolution

  • Analysis of the compromised systems.
  • Provide an action plan to address the vulnerability, and technical support for the local administrator to carry out the action plan.
  • Provide action and support plans to help secure the system against the effects of the incident.
  • Additionally, SOC CSIRT Ci2 collects information to issue statistics on incidents that occur in Ci2 S.A.

Proactive Activities

The proactive services provided by the SOC CSIRT Ci2 Team are:

  • Information Security News: Information is disseminated about vulnerabilities, attack techniques or computer viruses, among others, that are not detected by antivirus signatures or by specialized software, in order to alert administrators of technology platforms.
  • Vulnerability management: Periodic tests defined by the interested parties are carried out to reveal the security flaws that operating systems or other systems may have, covering the complete life cycle of identification, analysis, evaluation and assessment of the vulnerabilities, with conclusions and recommendations to be applied, thus closing possible security gaps and keeping the infrastructure safe.
  • Availability monitoring: With the help of different applications, monitoring is performed on the active equipment of the technological platform, verifying its availability status and identifying the faults that are occurring in real time.

Security Management and Quality Services

  • Information security awareness. Newsletters, videos, events and other activities are carried out to raise awareness among users about the risks that may affect information security on a daily basis.
  • Risk management. The risks to information assets must be identified, analyzed, evaluated and assessed in order to generate action plans that mitigate their associated impact, drawing on the good practices of ISO 31000.
  • GAP analysis of information security. The established guidelines and criteria for information security are followed, analyzing current performance and identifying possible improvement options, subsequently generating recommendations to protect the information.
  • Information Security Bulletin. It contains useful information to improve the security of information in an entity.
  • Consulting / Advice. Through timely attention, consultancy and advice are offered, ensuring continuous improvement in the processes and/or activities to be verified.

INCIDENT REPORTING FORMS

To report incidents, you must use the forms prepared by the SOC CSIRT Ci2 Team, which can be obtained from the SOC CSIRT Ci2 Team or on the team's web portal.

DISCLAIMER

The SOC CSIRT Ci2 Team is not responsible for the misuse of the information contained herein.