—–BEGIN PGP SIGNED MESSAGE—– Hash: SHA256 RFC 2350: CSIRT.PolitecnicoGuarda Last Revision: Micael Pires 1. Information about this document 1.1 Date of last update Version 1.2 published on 2022/12/09. 1.2 Distribution lists for notifications There is no distribution channel for notifying changes to this document. 1.3 Access to this document The updated version of this document can be found at www.csirt.ipg.pt/rfc2350 An English version of this document can be found at www.csirt.ipg.pt/en/rfc2350 1.4 Authenticity of this document This version of the description of the CSIRT.PolitecnicoGuarda is signed with the PGP key, the Portuguese version can be found at csirt.ipg.pt/rfc2350.txt and the English version at csirt.ipg.pt/rfc2350_en.txt. 2. Contact Information 2.1 Team name CSIRT.PolitecnicoGuarda 2.2 Postal address Av. Dr. Francisco Sá Carneiro 50, 6300-559 Guarda, Portugal 2.3 Time zone Portugal/WEST (GMT+0, GMT+1 DST) 2.4 Telephone +351 271 220 100 2.5 Fax Non-existent. 2.6 Email address Reporting incidents: report@ipg.pt Other subjects: csirt@ipg.pt 2.7 Other Telecommunications You can also use the form available on our site at csirt.ipg.pt/contacts. 2.8 Public keys and cipher information The CSIRT.PolitecnicoGuarda provides a PGP key with KeyID 0x09404AAB, of type RSA and fingerprint 1D0CFEC9A021169C3F648532355D99E009404AAB. This key can be found at csirt.ipg.pt. 2.9 Team Members Coordination: Pedro Pinto Members: Filipa Gaudêncio, Micael Pires 2.10 Other information For more information about CSIRT.PolitecnicoGuarda you can consult csirt.ipg.pt. 2.11 Means of contact for users The CSIRT.PolitecnicoGuarda has several contact channels: Email for reporting IT security incidents: report@ipg.pt E-mail for other IT security related matters: csirt@ipg.pt Phone: +351 271 220 100 Form: Available at csirt.ipg.pt/contacts 3. Guide 3.1 Mission Our mission is to promote a culture of IT security both inside and outside the academic community of the Polytechnic of Guarda, using awareness-raising actions, advice and responding to computer security incidents detected internally or reported by incident response teams of academic and national networks. 3.2 Community served The CSIRT.PolitecnicoGuarda responds to security incidents in the IT context of the IPG - Politécnico da Guarda community. The IP address ranges and domains covered are: IPv4 193.137.232.0/24 193.137.162.0/24 193.137.163.0/25 193.137.164.0/26 193.137.164.64/26 193.137.164.224/27 193.137.165.0/24 IPv6 2001:690:23d0::/48 Domínios ipg.pt politecnicoguarda.pt politecnicodaguarda.pt 3.3 Affiliation The CSIRT.PolitecnicoGuarda, is an organ belonging to the Polytechnic of Guarda 3.4 Authority The CSIRT.PolitecnicoGuarda operates within the authority delegated to it by the Computer Services of the Polytechnic of Guarda. Its creation was reviewed and approved by the President of Politécnico da Guarda, thus allowing it to act in its legitimacy and capacity of action. The same cooperates with the various administrators of the System Administration and Network Infrastructure departments, as well as the respective users of the institution's systems in the exercise of their functions. In case of doubt, or by some nature any of the community members wish to contest any action of CSIRT.PolitecnicoGuarda, this should establish contact with the coordinator of the same. 4. Policies 4.1 Incident Types and Support Level The CSIRT.PolitecnicoGuarda has the power to act in the face of all types of security incidents that may occur at the Polytechnic of Guarda, including attempts to successfully exploit vulnerabilities, compromise the confidentiality, integrity and availability of information, disruption of services, spread of malware or unsolicited email and potential threats. The level of support it provides may vary depending on several factors, including the type and severity level of the incident, the number of users involved, and the resources available to it. However, all incidents detected or reported will be dealt with as soon as possible. The CSIRT.PolitecnicoGuarda is committed to keeping system administrators informed about potential vulnerabilities, and they will be informed as soon as possible. 4.2 Cooperation, interaction and privacy policy The privacy and data protection policy by which the CSIRT.PolitecnicoGuarda, is governed, establishes that sensitive information may be transmitted to third parties, only and exclusively in case of real need and with the respective prior authorization of the presidency of the institution. 4.3 Communication and authentication The means of communication made available by CSIRT.PolitecnicoGuarda, whether by telephone, form or unencrypted e-mail are considered sufficient for the transmission of non-sensitive information. In case there is a need to transmit sensitive information, it is mandatory to use the PGP cipher and signature that can be found on our website. 5. Services 5.1 Incident handling The CSIRT.PolitecnicoGuarda actively collaborates in order to provide assistance to the various system and network administrators, in the different aspects of a security incident, namely its mitigation and resolution. It is committed to deal mainly with security incidents in the context of the community, more specifically incidents whose origin or target is the Polytechnic of Guarda. 5.2 Proactive Activities The CSIRT.PolitecnicoGuarda coordinates and maintains several services within the capabilities of its available resources, such as awareness-raising activities aimed at the entire academic community for the issue of computer security, such as workshops, dissemination of emails accompanied by educational infographics and simulations of phishing campaigns. Advising by raising awareness, promoting and implementing IT security policies and best practices. Continuously analyze the entire infrastructure, applications and systems from the perspective of identifying computer security vulnerabilities. Evaluating impacts, recommending fixes or changes in order to reduce the risk of data exposure, information or systems compromise. Actively collaborate with other units, internal or external, in their areas of expertise, participating in activities, projects or task forces of national or international nature promoting innovation and innovative services to the community. 6. Form The CSIRT.PolitecnicoGuarda provides users with a form to report security incidents through its website. This form can be accessed through the following link csirt.ipg.pt/contacts. 7. Liability Safeguards Although every precaution is taken in the preparation of the information disclosed, the CSIRT.PolitecnicoGuarda is not responsible for errors or omissions, or for damages resulting from the use of this information. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEHQz+yaAhFpw/ZIUyNV2Z4AlASqsFAmNqRHIACgkQNV2Z4AlA SquWHA/9GeOMtepTNkmBhnvvZuCshG2lOtPPFUPz+VIeQF/P/RKNOHQg5Gw4krzC GMbba5kk8NjtlN0u1dWOOloN0kpZEFyB46Jky8ZZaFTEty9v+2YdMcYTLK0X7epq Mt4/6QbeP8TgaHzeoOwykTIKCXn3xkKkPTDujfqrWBUELa4u5eZpaUnXJbOgA1vX It/UDA0SDZRs2Byej1xkEcV1h8jQJVG7jx1ekHuTG7MretpT0t49o9WCKF5J+GFM kHIivAaKYfp3YfHZV4lrcjda2d82khOXc5jXPFALgYs0XBIp4h75CeIzzcXUkaOT wYuZuIl7nd9c9rK6VICWcApNr8biBHTPZZi+5cIN8eZLy/W+SA0Lc+GTaPhGu9H3 mXO7X4mg1UZG/C70+E2J67UuZwGDSYDJ/o+RaGLQMz9eb9jvkc2ybowb/aUK0znr McnUPYhGDxvQqWHzI+u6uUJoNskimMuOIcMgJR1alFORaDpKLKw+I73XdQ/Pedio Aqx8hDZpOY2xXmaERdzJpucB3dLnfv6s+htLvHj/zHlz/irqUVjy4d4im4gsNook HZI5W7DTnMdVwKI6hh3p9oEFpn5b4XE2SPm6CiuuPP7x26nf459oTgbJrzv1SNiD SUxU5TjXeK9zHr+yLBgby/SnsRT70lBiOVdsVHFlLW2wep9YWm8= =dYyZ -----END PGP SIGNATURE-----