Leer este post en español

1. DOCUMENT INFORMATION

  1. 1.1. Date of last updated
    1. This is version 1.0 of January 1, 2020.
  2. 1.2. Distribution list for notifications
    1. Changes to this document are not distributed by a mailing list. Any specific questions or comments, please go to the email address contacto@csirt.gob.do

2. CONTACT INFORMATION

    1. 2.1. Team name
      1. National Cyber Incident Response Team, CSIRT-RD
    2. 2.2. Time zone
      1. UTC / GMT -4 hours
    3. 2.3. Other telecommunications
      1. No
    4. 2.4. Email
      1. Incident Report: incidentes@csirt.gob.do
      2. 3073 8B9F F322 05FA 60AD 59CB 92EB 51BD 373F 9423
        General Information: info@csirt.gob.do
    5. 2.5. Team members
      1. A complete list of CSIRT-RD team members is not publicly available. Team members will be identified in front of the reporting party with their full name in an official communication about an incident.
    6. 2.6. Other information
      1. General information on the services provided by CSIRT-RD and on the agency itself are published on the web portal cncs.gob.do
  1. 2.7. Customer contact points
    1. In either case, use the info@csirt.gob.do email address. Our regular response schedule is every day of the week from 08:30am to 05:00pm. Outside these hours, the Shift Officer is available for incidents and mail can be contacted incidentes@csirt.gob.do

3. LETTER

  1. 3.1. Mission
    1. The CSIRT-RD is the National Cyber Incident Response Team, attached to the National Cybersecurity Center (CNCS), created by Decree 230-19 on June 19, 2018. Your mission is to ensure the establishment of appropriate cybersecurity mechanisms that protect the state and national security through continuity, update and evaluation of the National Cybersecurity Strategy,the formulation of policies derived from this strategy and the definition of initiatives, programs and projects that lead to the successful realization of the strategy, as well as the prevention, detection and management of incidents generated in government information systems and in national critical infrastructures. Being the national alert and response center that cooperates and helps respond quickly and efficiently to cyberattacks, actively address cyberthreats, including national coordination of different incident response and decision-making capabilities in crisis.
  2. 3.2. Community Served
    1. The incidents served by the CSIRT-RD will be those that affect Public Sector systems or companies of strategic interest, as well as any other system in which classified information is processed.
  3. 3.3. Sponsorship and/or Affiliation
    1. CSIRT-RD is the Dominican government’s center of expertise in cyber security and incident response. Aimed at preventing ICT and internet-related incidents. It is part of the Ministry of the Presidency and the National Cybersecurity Center, consisting of the technical director and incident management analysts.
  4. 3.4. Authority
    1. The main objective is the coordination of incident response and the proper management that constituents should have as such advice.

4. POLICIES

  1. 4.1. Types of incidents and level of support
    1. The CSIRT-RD handles different types of incidents and its hazard-determining criteria, the level of support will depend on both factors and the severity determined by CSIRT-RD personnel.
  2. 4.2. Cooperation, interaction and dissemination of information
    1. CSIRT-RD handles all information confidentially regardless of its priority. Information of a very sensitive nature is only communicated and stored in a secure environment and if necessary, using encryption technologies. All information provided to the CSIRT-RD will be used to help resolve security incidents. The information will only be distributed to other teams and members according to the need to know and preferably anonymously. CSIRT-RD uses TLP for information exchange.
  3. 4.3. Communication and authentication
    1. The preferred method of communication is by email.

5. SERVICES

  1. Incident response provides 24/7 availability to coordinate the recovery of all types of ICT-related incidents and consists of expertise, tools, and other capabilities to act, analyze, and communicate with stakeholders and the media.
  1. 5.1.1 Classification of the Incident
    1. – Investigate whether an incident actually occurred.
      – Determination of the extent of the incident.
      – Evaluation and comparison of the incident with historical.
  2. 5.1.2. Coordination of incidents
    1. – Determine the initial cause of the incident.
      – Facilitate contact with other sites that may be involved.
      – Communicate with stakeholders and the media
  3. 5.1.3. Incident Resolution
    1. – Provide advice to the reporting party that will help eliminate the vulnerabilities that caused the incident and protect the systems from the effects of incidents.
      – Evaluate which actions are best suited to provide the desired results regarding incident resolution.
      – Provide assistance in the collection of evidence and interpretation of data where necessary.
  4. 5.2. Proactive activities
    1. Prevention and preparation consist of all activities aimed at reducing the likelihood or impact of an incident on constituents. CSIRT-RD provides constituents with current information and advice on new threats and attacks that can impact their operations and seeks to raise awareness and skills in employees. CSIRT-RD provides convenient alerts and advice to the public and small businesses through the https://cncs.gob.do/alertas/.

6. INCIDENT NOTIFICATION FORMS

  1. To report incident, send communication: incidentes@csirt.gob.do
  2. For more details see, Cyber Incident Identification and Reporting Guide

7. DISCLAIMERS

  1. CSIRT-RD takes all precautions in the preparation of information, notifications, alerts and reports but assumes no responsibility for errors or omissions, or for damages resulting from the use of the information provided.
Ir al contenido