RFC 2350

1 Information about this document

This document describes Cyberprotech's Computer Security Incident Response Team (CSIRT) in accordance with RFC 2350.

1.1 Date of last update

Version 1.2 published on 2025/11/26.

1.2 Distribution lists for notifications

There is currently no public distribution list for notification of updates to this document.

1.3 Access to this document

The latest version of this document is available at:
https://cyberprotech.org/csirt/rfc2350.txt
https://csirt.cyberprotech.pt/rfc2350.txt

1.4 Authenticity of this document

This document may be digitally signed with the official CSIRT-Cyberprotech PGP key (KeyID 0x688950E724A946FB), whose public key is provided in Section 2.8.

2 Contact Information

2.1 Team name

CSIRT-Cyberprotech

2.2 Postal address

Cyberprotech, Unipessoal Lda.
R. Padre António Vieira 46
Centro Comercial Charlot, Loja 43
8100-611 Loulé
Portugal

2.3 Time zone

Europe/Lisbon (GMT +0, GMT +1 in daylight saving time)

2.4 Telephone

+351 289 413 001

2.5 Fax

Not available.

2.6 Other telecommunications

Microsoft Teams and Signal (by prior appointment).

2.7 Email addresses

For reporting incidents (SOC): soc@cyberprotech.pt
For general or administrative inquiries (CSIRT): csirt@cyberprotech.pt

2.8 Public keys and cipher information

Sensitive incident reports must be encrypted using the official Cyberprotech PGP keys.

SOC Key
Key ID: 0x7B15CC152B5AEB4D
Fingerprint: B66C BE48 2CC6 DD3E 2204 5FBD 7B15 CC15 2B5A EB4D
Public keys (ASCII-armored):
https://cyberprotech.org/csirt/cyberprotech-soc-public.asc
https://cyberprotech.org/csirt/cyberprotech-soc-public.key
Keyserver: keys.openpgp.org (search: soc@cyberprotech.pt)

CSIRT Key
Key ID: 0x688950E724A946FB
Fingerprint: 64AA 9C3F 6023 B651 BF03 3845 6889 50E7 24A9 46FB
Public keys (ASCII-armored):
https://cyberprotech.org/csirt/pubkey.asc
https://cyberprotech.org/csirt/cyberprotech-csirt-public.asc
https://cyberprotech.org/csirt/cyberprotech-csirt-public.key
Keyserver: keys.openpgp.org (search: csirt@cyberprotech.pt)

These keys provide:
- encryption of sensitive incident reports
- verification of CSIRT-issued digital signatures
- protection of TLP:AMBER and above information

2.9 Team members

Details of individual team members are confidential. The CSIRT is composed of cybersecurity analysts, network engineers, DPOs and compliance auditors (TIER 1–4).

2.10 Other information

CSIRT-Cyberprotech operates a Security Operations Center (SOC) fully integrated with the CyberCARE platform.

2.11 Means of contact for users

Telephone and e-mail as provided above. Sensitive information must be encrypted and transmitted following the Traffic Light Protocol (TLP).

3 Charter

3.1 Mission

CSIRT-Cyberprotech exists to coordinate detection, response and mitigation of cybersecurity incidents affecting Cyberprotech, its clients and its partners. Its mission is to strengthen national and EU cyber-resilience in alignment with RGPD, NIS2 and DORA regulatory frameworks.

3.2 Constituency

The team serves Cyberprotech’s internal network, contracted clients (B2B, B2C, B2G) and services delivered through the CyberCARE ecosystem.

3.3 Sponsorship and membership

CSIRT-Cyberprotech is a service of Cyberprotech Unipessoal Lda.

3.4 Authority

The team has authority over systems, networks and clients managed directly by Cyberprotech or covered by existing service agreements (CSaaS, DPOaaS, SOC-in-a-Box, etc.).

4 Policies

4.1 Types of incidents and level of support

CSIRT-Cyberprotech handles:
a) Malware and ransomware
b) Phishing and fraud attempts
c) Unauthorized access or intrusion attempts
d) Information leakage or credential exposure
e) Denial-of-service attacks
f) Policy violations and misconfigurations
g) Vulnerability disclosure and exploitation
h) Data protection and privacy breaches

Incident priority is determined by criticality (Critical, High, Medium, Low) and contractual SLAs.

4.2 Cooperation, interaction and privacy policy

Information shared with the CSIRT is treated as confidential and protected under RGPD and internal Cyberprotech security policies. Disclosure to third parties occurs only when legally required or with prior written consent.

4.3 Communication and authentication

Routine information may be exchanged by email or telephone. Sensitive information must be encrypted using PGP. All information release follows the Traffic Light Protocol (TLP).

5 Services

5.1 Incident response and coordination

The team provides triage, coordination, containment, eradication, recovery and post-incident analysis.

5.1.1 Incident Triage

- Validate authenticity and scope.
- Determine impact and severity.
- Assign responsible analyst.

5.1.2 Incident Coordination

- Engage internal and external stakeholders.
- Notify affected entities.
- Ensure evidence preservation.

5.1.3 Incident Resolution

- Implement remediation.
- Validate system integrity.
- Produce final report and lessons learned.

5.2 On-site and remote support

For critical incidents, Cyberprotech can deploy specialists on-site or provide secure remote response via VPN.

5.3 Monitoring

The SOC conducts continuous monitoring of domains and IP ranges managed by Cyberprotech and its clients through the CyberCARE platform with integrated SIEM (Wazuh / Graylog).

5.4 Proactive activities

- Threat Intelligence correlation (IntelWatch)
- Vulnerability management (RiskScan)
- Awareness and training programs
- Security and compliance audits

6 Disclaimer

CSIRT-Cyberprotech makes every effort to ensure accuracy and reliability of information but assumes no liability for errors, omissions or damages resulting from its use.