Incident Response

The SOC CSIRT Ci2 team will assist in the tasks related to handling and responding to incidents according to the methodologies used to manage them. SOC CSIRT Ci2 will provide assistance in handling incidents regarding:

Incident Triage

  • Determine if an incident has occurred and its risks.
  • Classification of the incident according to the categorization of incidents defined in the SOC CSIRT Ci2.
  • Correlation of information.

Incident Coordination

  • Determine causes of the incident.
  • Information on the categorization of the incident.
  • Facilitating contact with other sites that may be involved, according to procedures established in the SOC CSIRT Ci2.
  • Reports to other teams, if necessary.
  • Issuance of ad reports to users.

Incident Resolution

  • Analysis of the compromised systems.
  • Provide an action plan to avoid the vulnerability, and technical support for the local administrator to carry out that plan.
  • Provide action and support plans to help secure the system against the effects of the incident.
  • Additionally, SOC CSIRT Ci2 collects information to issue statistics on incidents that occur in Ci2 S.A.

Proactive Activities

The proactive services provided by the SOC CSIRT Ci2 team are:

  • Information Security News: Information is disseminated about vulnerabilities, attack techniques and computer viruses, among others, that are not detected by antivirus signatures or by specialized software, in order to alert administrators of technology platforms.
  • Vulnerability management: Periodic tests established by the interested parties are carried out to demonstrate the security flaws that operating systems or other systems may have. The tests cover the complete life cycle of identification, analysis, evaluation and assessment of the different vulnerabilities. Conclusions are then drawn, with their respective recommendations to be applied, thus minimizing the gap and closing possible security gaps to keep the infrastructure safe.
  • Availability monitoring: With the help of different applications, monitoring is performed on the active equipment of the technological platform, verifying its availability status and identifying the faults that are occurring in real time.

Security Management and Quality Services

  • Information security awareness. Newsletters, videos, events and other activities are carried out to raise awareness among users about the risks that may violate information security on a daily basis.
  • Risk management. The risks to information assets must be identified, analyzed, evaluated and assessed in order to generate action plans that mitigate their associated impact, leveraging the good practices of ISO 31000.
  • GAP analysis of information security. Guidelines are followed according to the established criteria and those for information security, analyzing current performance and identifying possible improvement options, and subsequently generating recommendations to protect the information.
  • Information Security Bulletin. It contains useful information to improve the security of information in an entity.
  • Consulting / Advice. Through timely attention, consultancy and advice are offered, ensuring continuous improvement in the processes and/or activities to be verified.