Profile CERT CYBERPROTECT

I. Document Information

This document contains a description of CERT CYBERPROTECT and refers to the requirements of RFC 2350. It provides basic information about CERT CYBERPROTECT, the functions and services we offer, and how to contact us.
A French version of this document is also available.

1. Date of Last Update
The first version of this document dates from 2015-09-01.
This version of this document dates from 2023-01-16.

2. Distribution List for Notifications
This document and the elements constituting the CERT are updated by CERT-CYBERPROTECT staff.
Update information is also sent to:
- Every CERT-CYBERPROTECT member
- The customers of CERT-CYBERPROTECT

3. Locations where this Document May Be Found
You can find this document on the web site:
www.cyberprotect.one/cert/rfc2350_EN.txt

II. Contact Information

1. Name of the Team
Full name : CERT CYBERPROTECT
Short name : CERT CYBERPROTECT

2. Address
SDN International - Cyberprotect
17 allée des Ginkgos
69500 BRON
FRANCE

3. Time Zone
GMT+1 (From last Sunday of March to last Sunday of October : GMT+2)

4. Telephone Number
+33 (0)4 28 67 37 12

5. Facsimile Number
+33 (0)4 72 81 84 75

6. Other Telecommunication
Not available

7. Electronic Mail Address
csirt@cyberprotect.fr

8. Public Keys and Encryption Information
The secure means of communication used is PGP.
If you wish to contact us securely, please use the following public key to encrypt your message:
Key-ID: C455F7AD
The public key of CERT CYBERPROTECT is also available on the web server:
www.cyberprotect.one/cert/cert_cyberprotect.pgp.key

9. Team Members
The manager of CERT CYBERPROTECT is Mr. DUBOIS.

10. Other Information
Creation date of CERT CYBERPROTECT: September 1st, 2010.

11. Point of Customer Contact
To contact us, please use the email address of our CERT (csirt@cyberprotect.fr).
We answer any request during business hours (8:00-20:00) from Monday to Friday.
For emergencies outside business hours, please contact CERT CYBERPROTECT by telephone: +33 (0)4 28 67 37 12

III. Charter

1. Mission Statement
Cyberprotect has operated its computer security incident response team since September 1st, 2010. Since November 25th, 2015, this entity has been authorized by Carnegie Mellon University to use the name CERT CYBERPROTECT.
The missions of CERT CYBERPROTECT are:
+ To detect vulnerabilities in information systems in order to reduce the risk of intrusion
+ To resolve incidents through its IT security incident response team
+ To support its customers with security changes when necessary
+ To provide preventive information to its customers
+ To alert customers when malware is detected on their network infrastructure

2. Constituency
The constituency of CERT CYBERPROTECT consists of the customers of the Cyberprotect group. By definition, the constituency type is external.
Cyberprotect customers operate in different lines of business and are essentially small and medium-sized enterprises (PME) and mid-sized companies (ETI).
CERT CYBERPROTECT undertakes to cooperate with the constituency's internal technical teams, as well as with other providers where the context requires.
CERT CYBERPROTECT intervenes on all security incidents within the constituency's scope.

3. Sponsoring and/or Affiliation
CERT CYBERPROTECT enters into relationships with other CERTs/CSIRTs when necessary.

4. Authority
CERT CYBERPROTECT provides advice and solutions to its customers in order to reduce the risk of incidents as far as possible. However, CERT CYBERPROTECT has no authority over its customers regarding the implementation of solutions.

IV. Policies

1. Types of Incidents and Levels of Support
All types of IT security incidents can be handled by CERT CYBERPROTECT.
The level of support from which the customer can benefit depends on the type and severity of the incident.

2. Co-operation, Interaction and Disclosure of Information
CERT CYBERPROTECT carries out its services in compliance with the obligations imposed by French law.
Customer information collected during the resolution of an incident is handled confidentially.
When necessary, and for a more efficient resolution of an incident, CERT CYBERPROTECT will cooperate with other CERTs/CSIRTs while respecting the confidentiality rules established within the company.
If approached by the press, CERT CYBERPROTECT commits to respecting its confidentiality, disclosure and media policies.

3. Communication and Authentication
For communications not requiring security, conventional methods of communication will be used.
Where information must be transmitted confidentially, the means of protection described in part 2.8 will be used.

V. Services

1. Incident Response
CERT CYBERPROTECT responds to its customers' computer security incidents by applying the principles of incident triage, coordination and resolution. These principles are detailed below:

a. Incident Triage
+ To collect information about the incident
+ To check whether the incident is real
+ To assign a priority to the incident

b. Incident Coordination
+ To analyze the incident
+ To research solutions
+ To communicate with the customer to facilitate incident handling
+ To cooperate with other CERTs/CSIRTs

c. Incident Resolution
+ To remove the vulnerability through vulnerability handling
+ To remove artifacts through artifact handling
+ To produce a report on the incident
+ To collect data for statistics

CERT-CYBERPROTECT informs its customers in case of intrusion or attempted attack on their systems. Our team of experts provides the recommendations needed to handle the threat and limit its impact.

2. Proactive Activities
In order to reduce risks and inform its customers, CERT CYBERPROTECT carries out the following preventive actions:
+ Announcements
+ Technology watch
+ Security-Related Information Dissemination
+ Intrusion Detection Services
+ Risk Analysis

VI. Incident Reporting Form

Incident reporting forms take the form of tickets generated by the system that we deploy at our customers' sites.

VII. Disclaimers

Although CERT CYBERPROTECT takes every precaution to reduce IT risk for its customers, it cannot be held responsible for any errors in, or interpretations of, the information provided.