1. Document Information
This document complies with RFC 2350
1.1. Date of Last Update
This is version 1.1 published 27th January 2016.
1.2. Distribution List for Notifications
Notifications of updates are submitted to our constituency using established communication channels.
1.3. Locations where this Document May Be Found
The current version of this document is available on the CaixaBank CERT web site:
1.4 Authenticating this Document
This document has been signed with the CaixaBank CERT PGP key. The signatures are also on our web site PGP Signature:
2. Contact Information
2.1. Name of the Team
Full Name: CaixaBank CERT Cyber Security Response Team.
Short Name: CBK CERT.
Av. Diagonal, 621, t. 1, ZI. 08028 – Barcelona, Spain
2.3. Time Zone
Central European Time - CET (GMT+0100, and GMT+0200 from April to October)
2.4. Telephone Number
+34 914 38 12 84
This line should be contacted only for regarding general CaixaBank CERT inquiries. If you want to report a computer security incident, please use Incident Reporting Forms.
2.5. Facsimile Number
2.6. Other Telecommunication
2.7. Electronic Mail Address
2.8. Public Keys and Encryption Information
Please encrypt any sensitive e-mail with the CaixaBank CERT PGP key and send to: [email protected]
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Encryption Desktop 10.3.2 (Build 16620)
-----END PGP PUBLIC KEY BLOCK-----
2.9. Team Members
No information is provided about the CaixaBank CERT team members in public.
2.10. Other Information
2.11. Points of Customer Contact
The preferred method for contacting CaixaBank CERT is via e-mail.
For general inquiries please send e-mail to [email protected]
3.1. Mission Statement
The purpose of CaixaBank CERT is, first, to provide 24x7x365 operational support aimed to implement, manage, monitor, evaluate the adequacy and ensure that security controls that protect the network, systems and applications of CaixaBank, and second, to support internal reaction to attacks to ICT security of CaixaBank.
CaixaBank CERT supports incident response and security services for CaixaBank, his customers and related organizations.
3.3. Sponsorship and/or Affiliation
CaixaBank CERT is sponsored by CaixaBank, S.A.
The CaixaBank CERT operates under the auspices of, and with authority delegated by, the Information Security Department of CaixaBank, S.A.
4.1. Types of Incidents and Level of Support
CaixaBank CERT is authorized to address all types of computers security incidents which occurs at its constituency.
All the incident reports received by CaixaBank CERT are analyzed, classified and prioritized according to internal incident classification policy so that an efficient and appropriate level of service is provided.
Resources will be assigned according to the following priorities:
- Threats to the physical safety of human beings.
- Root or system-level attacks on any Management Information System, or any part of the backbone network infrastructure.
- Root or system-level attacks on any large public service machine, either multi-user or dedicated-purpose.
- Compromise of restricted confidential service accounts or software installations, in particular those used for Managed Information System applications containing confidential data, or those used for system administration.
- Denial of service attacks on any of the above three items.
- Any of the above at other sites, originating from the Constituency of CaixaBank CERT.
- Large-scale attacks of any kind, e.g. sniffing attacks, "social engineering" attacks, password cracking attacks.
- Threats, harassment, and other criminal offenses involving individual user accounts.
- Compromise of individual user accounts on multi-user systems.
- Compromise of desktop systems.
- Forgery and misrepresentation, and other security-related violations of local rules and regulations.
- Denial of service on individual user accounts.
Types of incidents other than those mentioned above will be prioritized according to their apparent severity and extent.
In some cases, CaixaBank CERT will provide pointers to the information needed to implement appropriate measures.
CaixaBank CERT is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.
4.2. Co-operation, Interaction and Disclosure of Information
CaixaBank CERT will cooperate with other organizations in the field of computer security. This cooperation also includes and often requires the exchange of information regarding security incidents and vulnerabilities. Nevertheless CaixaBank CERT will protect the privacy of its constituency and therefore (under normal circumstances) pass on information in an anonymized way only.
CaixaBank CERT will only provide information to other parties with the sole purpose of facilitating the tasks of containment, eradication and recovery of incidents under the general principle of providing the minimum information possible.
CaixaBank CERT operates under the restrictions imposed by the law of Spanish Data Protection Authority. Therefore it is also possible that CaixaBank CERT may be forced to disclose information due to a Court’s order.
4.3. Communication and Authentication
Telephone and unencrypted e-mail are considered sufficient for the transmission of low-sensitivity data. If it is necessary to send high sensitivity data by e-mail, PGP will be used. Network file transfers will be considered similar to e-mail for these purposes.
CaixaBank CERT will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
5.1. Incident Response
5.1.1 Incident Triage
CaixaBank CERT Incident Triage includes:
- Investigating whether indeed an incident occurred.
- Determining the extent of the incident.
5.1.2 Incident Coordination
CaixaBank CERT Incident Coordination includes.
- Determining the initial cause of the incident (vulnerability exploited).
- Facilitating contact with other sites which may be involved.
- Facilitating contact with appropriate security teams and/or appropriate law enforcement officials, if necessary.
- Making reports to other CSIRTs.
- Composing announcements to users, if applicable.
5.1.3 Incident Resolution
CaixaBank CERT Incident Resolution includes.
- Technical Assistance. This may include analysis of compromised systems.
- Recommendations on Eradication or Elimination of the cause of a security incident (the vulnerability exploited), and its effects.
- Suggestions in securing the system from the effects of the incident.
In addition, CaixaBank CERT will collect statistics concerning incidents which occur within or involve its constituency, and will notify the community as necessary to assist it in protecting against known attacks.
5.2 Proactive Activities
Proactive services provide means to reduce the number of actual incidents by giving proper and suitable information concerning potential incidents to the constituency. CaixaBank CERT will perform proactive activities to improve performance and capabilities such as:
- Training and simulation activities.
- Security tool development.
- Forensics and malware analysis.
- Intelligence reporting.
CaixaBank CERT additional proactive services include:
5.2.1 Information Services
CaixaBank CERT will provide its constituency with information about ongoing attacks, security vulnerabilities, alerts in the general sense, and short-term recommended course of action for dealing with the resulting problems.
5.2.2 Vulnerability Analysis
CaixaBank CERT will assist its constituency in reaction to the discovery of new vulnerabilities. A database is maintained collecting information of vulnerabilities, automatically and manually, via network scans and by other means.
Penetration testing teams are coordinated, and network security architecture analysis and configuration changes analysis are conducted.
6. Incident Reporting Forms
Through email or phone call.
While every precaution will be taken in the preparation of information, notifications and alerts, CaixaBank CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.