Description - Security Operations Center (SOC) in N28 P.S.A.
================================

1. Information about the document

The document contains a description of the Security Operations Center
(SOC) implemented by N28 P.S.A., in accordance with RFC 2350. It
provides basic information about the SOC, such as contact options, a
description of responsibilities and the services offered.

1.1 Last updated date

Document version 1.08, published on April 17, 2024.

1.2 Dissemination of notices of changes to the document

Currently, N28 P.S.A. does not use any distribution list to notify
about changes to this document.

1.3 Where to find the document

The current version of the document describing the SOC is available on
the website:
https://n28.pl/RFC2350-PL.txt
https://n28.pl/RFC2350-EN.txt

1.4 Certification of the document

The document was signed using a GPG key. The document certification can
be verified with the soc@n28.pl GPG key published in point 2.8 of the
document.

2. Contact information

2.1 Team name

SOC - N28.pl

2.2 Mailing address

N28
ul. Michałowicza 46 lok. 2
43-300 Bielsko-Biała
Poland

2.3 Time zone

Central European Time UTC+1
Central European Summer Time UTC+2 (from the last Sunday in March to
the last Sunday in October)

2.4 Telephone number

+48

2.5 Fax number

+48

2.6 Other telecommunications

Unavailable.

2.7 E-mail address

soc@n28.pl

2.8 Public keys and other encryption information

GPG key used by soc@n28.pl:
User ID: SOC N28.pl
Valid from: 21.03.2024 16:39
Type: 255-bit EdDSA
Usage: Signing, Encryption, User ID Certification
Fingerprint: 76DB9FCA5B314FFE703F9B6594DF9B80413D4A3D

This key can be obtained from directory services or directly from the
web page: https://n28.pl/soc.asc

2.9 Other information

General information about the SOC can be found at: https://n28.pl/

2.10 Customer contact points

The preferred method of contacting the SOC is e-mail, using our
cryptographic keys to ensure integrity and confidentiality.
SOC hours are limited to regular business hours (8:00-16:00 Monday to
Friday, excluding holidays). Exceptions apply in special cases, e.g. in
accordance with the provisions of 24/7 contract(s).

3. Status

3.1 Mission

Our mission is to provide comprehensive and innovative care for our
clients' IT infrastructure. We strive for constant improvement in
maintaining IT systems, monitoring, cybersecurity and audits of ICT
systems. Our goal is not just to react to current needs but also to act
proactively to ensure the stability, security and efficiency of our
clients' IT environment.
Through an individual approach and the expertise of our team, we
emphasize innovation and transparency of activities, supporting
customers in achieving their business goals through optimal use of
information technology.

3.2 Area of operation

The SOC covers the protection and security of our customers' IT
systems. Our tasks include continuous monitoring, identifying threats
and responding to them, as well as continuously improving our services
to provide our customers with reliable protection.

4. Policies

4.1 Incident types and level of support

The default priority for all incidents is normal priority; the
exception is contractual arrangements that give them a different
priority. Incidents handled voluntarily, in the public interest,
therefore have normal priority regardless of the marking attached to
the event notification. The authorities of N28 P.S.A. decide on each
priority increase.

4.2 Collaboration, Interaction and Disclosure of Information

This statement confirms our commitment to the confidentiality of
information received as part of our cooperation and interactions.
Information that is sensitive or may be harmful is processed only in a
secure environment and is encrypted. When providing confidential
information while reporting an incident, we recommend that you use
encryption or contact the SOC office to arrange another secure
communication channel.

The SOC office declares support for the Information Sharing Traffic
Light Protocol (ISTLP,
https://www.trusted-introducer.org/ISTLPv11.pdf). Information sent and
marked in accordance with ISTLP will be processed in an appropriate
way.

Information submitted to the SOC office in connection with the
fulfillment of its duties may be sent to trusted entities (such as
Internet service providers or other CERT teams) on a need-to-know basis
and solely for the purpose of handling incidents.

N28 P.S.A. does not report incidents to law enforcement agencies unless
required by national law. N28 P.S.A. cooperates with law enforcement
agencies only under official investigation.

4.3 Communication and authentication

The SOC uses GPG encryption to ensure the confidentiality and integrity
of communication. All sensitive information that is transmitted should
be encrypted.

Incident messages sent by SOC staff are signed with our GPG master key
(see section 2.8) and encrypted when they contain sensitive
information.

The SOC office reserves the right to verify the authenticity of
information or its sources to the extent permitted by law.

5. Services

5.1 Incident Response

The SOC office supports clients in handling incidents related to IT
security.

- Incident reporting: When an incident is detected, its report is
  forwarded to the SOC via an appropriate channel, such as telephone or
  e-mail.
- Incident analysis: After receiving a report, the SOC team analyzes
  the incident to identify its source and extent.
- Control actions: Depending on the outcome of the incident analysis,
  the SOC team takes appropriate control actions, such as blocking
  access to the system, removing malware or suspending activities to
  protect a system or systems.
- Reporting: After performing control actions, the SOC team creates an
  incident report containing information about its course, the actions
  taken to resolve it and conclusions for the future.
- Monitoring and response: After the incident is over, the SOC team
  continues to monitor the system to detect and respond to possible
  further incidents in time.

5.2 Incident reporting forms

For internal customers, the form is available after logging in to the
in.n28.pl website and requires selecting the SOC or incident category
from the drop-down list.
External clients report via e-mail sent to soc@n28.pl or
incident@n28.pl.

6. Disclaimers

All precautions will be taken when preparing information, notifications
and alerts.
The SOC office assumes no liability for errors or omissions, or for any
damages resulting from the use of the information contained in this
document.