1. Document Information

This document complies with RFC 2350

1.1. Date of Last Update

This is version 1.1 published 27th January 2016.

1.2. Distribution List for Notifications

Notifications of updates are submitted to our constituency using established communication channels.

1.3. Locations where this Document May Be Found

The current version of this document is available on the CaixaBank CERT web site:

https://portal.lacaixa.es/general/certificacionesCERTProfile_en.html

1.4 Authenticating this Document

This document has been signed with the CaixaBank CERT PGP key. The signatures are also on our web site PGP Signature:

https://portal.lacaixa.es/general/certificacionesCERTProfile_en.html

2. Contact Information

2.1. Name of the Team

CaixaBank CERT.

Full Name: CaixaBank CERT Cyber Security Response Team.

Short Name: CBK CERT.

2.2 Address

Av. Diagonal, 621, t. 1, ZI. 08028 – Barcelona, Spain

2.3. Time Zone

Central European Time - CET (GMT+0100, and GMT+0200 from April to October)

2.4. Telephone Number

+34 914 38 12 84

This line should be contacted only for regarding general CaixaBank CERT inquiries. If you want to report a computer security incident, please use Incident Reporting Forms.

2.5. Facsimile Number

None available.

2.6. Other Telecommunication

None available.

2.7. Electronic Mail Address

[email protected]

2.8. Public Keys and Encryption Information

Please encrypt any sensitive e-mail with the CaixaBank CERT PGP key and send to: [email protected]


-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Encryption Desktop 10.3.2 (Build 16620)
mQINBFafxOoBEADQfZ3pfNV4Cp+DC6GFFx7gRYvQ2XgmWKLnjoYmtDxGLqclcTiq
0i1wvrrJIcqWEVJUKv0dL8JDJWHxRdmWzrST+0CLEXFFwpKATrXjZvZHkcs7aTIA
jYfkaSNnQbM4fU/v7eWCqanSEAz8E15EGbFkuPhOtsImJoUjCrUZAZLgBcTq4c7C
IJ/lD5h11zOObNdfKz1mqZ98wjYe6dYhqTHTogpW8jsXd46WoId06unrO98f+Fy3
BRqnJwP/8nCz7HSBEmWIiJdUQ4x5l5QLGT0HPiQB+mwt+BDZuPEl7h1lpsDXGyr1
4sSX7i4p4pnYwBI2jB891/q6WOh4jXaycRXqmbIDZgG/QmBh4fBbIiHp1DLrZa6Y
okKxEQHklhrOd3OlpGsCDWtqHeEScl4L2IycZ5Yo6YW4iozK3jDZo2zM+7eToJXX
w/zyw85/nBvSy8ZZ/kaeBXkyN3VhKoTu6pnOsqF0VHSOFKsFQWg0G3yNcN9T31/1
GIIQlD33xfHQ6DoaCWSw6TbPMjWI2TtC7MgwtgGGeK07+t5SCiS0disatKuJasH9
/KjpHwesWF4c7ks/9hmay+7pelrbC0FI8r+3CgQMBLmin4HeRMN8xvKRJEUTANR0
LzlI2YvM8lmZWCJ/LkFU0uhM05kttfT8NKsxot3xxx/40dr2PMbK98F1XwARAQAB
tCNDRVJUIENBSVhBQkFOSyA8Y2VydEBjYWl4YWJhbmsuY29tPokCbQQQAQIAVwUC
Vp/E6jAUgAAAAAAgAAdwcmVmZXJyZWQtZW1haWwtZW5jb2RpbmdAcGdwLmNvbXBn
cG1pbWUFCwkIBwECGQEFGwMAAAAFFgADAgEFHgEAAAAEFQoICQAKCRBjSwwRC/Qr
86ByEAC8rHbVUPNS4BQ+kKZjXDFtEyXzF4bq6SKrbamC0WoXMdD+YkIVin/nU8rU
uW0EAiZvig05xhD3eeN2Y/1PGuMJTxSx9IjNiFItcW9C0VjQmEkJ3lu9GP1HOpak
1eKC3+DPMTzhOi4PDpulfu4shu4t87+XKLOo8L9D/KESsq80adc+zmH7vr3+TTXp
WWUZh/GfwDSh+gYYElTp/yTo67KZ9fnt+5PIJLFHc1eMVdJWPjqZ271LfuB0oeRE
R5RODDBghd62QH2US2H0Nqlnvtkv0WH/irfXzmu0PB8kEewWHyFjsBPd3Sg9Qzhq
TTUfz1mKqWT4ipfBUhkbvU8P2ioyjdxv5LvFoHnp7NqhpVVfHyt8IAiXPG5rpMTT
o55AyDsncV1pioRaHGFoa8kQneTYHHFFiuIG46bV1AUdwTZL1PG/k2kW/JLL13mX
rCauYFbbjyCiRB5KmfX30JcRRlHVjmYTkbZDwO1oK6z1rK3Tdhy+XA6uitfdU57+
YX1GBYdVsCsPIxFfkqTZzjUPW3nIgsiXMWuYx1QFz9w+m0Nh1o13n/f8HPIVf6H5
4R6rNQszT2zY+1zCVRSqOCEAfw/k7M5QKxtSp5bLIpokTn4RQK7UMc5Xt128i7To
+XHYVyDOnmtay7FURhetrsgbs0B1sgUh6bCj9sWHT2TT0GCEKrkCDQRWn8TvARAA
zIjjv3BWmDzZYPxXXArGYqqFHV00ylLZEcqvJFRh/shwU46hdYd4xp0VbFiAMqjg
U1qvMIEgFPh1P4/6DTZ93EXn6cZfiSUZww3VM1srZTJuqT3ZvZzpK7qfzcCvR91q
8Rausqc/nSd3nTYqzPZ+lJ/xUh6ObqIf7XnYQveOrLeiqW2z7hagWM8l0Zc0reTd
74SzuFGdNZx0KL1caP5NDHdsrNdc70rRbA8bmlgP8IFcypRxzCVkc8jJozCyQp0U
0YWFdIEspU6JQHuCvDC4ctusVQ6MJZozpBnp8k7Yzr6ujpns7bb0Vn3gaOePCqlI
kfYbl9DDGX7aMtib/ymGOhie/4F0n97Ete47kzzcw+tH1fpaAAjnoOpXIGUCg1z5
OyEfRHvqv1zlGGsxTsWWzLiFw5ESYR7+yiAbVYSzoYa061NG5kuJA13fuKmvslXY
ybiZi+hrGNM22xx0Te2YEKVIa66P+Kng2GUgIytfQdAQnTFLuLO4ovdCy7XhfgKV
bpCgNLQ2oYBPUs6tUBoeg99bcLQ0154p6aBkqhOAz4k8vwNx9X1vpasrB5vK1SI8
vFRuDrkoKwVSHOquysj6XLIrRxczVLd+6govErw+0TVbaQccbJ35kE4yQUxqnDOx
I0uojJqR5tKfvFKtthXcYGWMereeLmgviYrnD0BYlGkAEQEAAYkEQQQYAQICKwUC
Vp/E8AUbDAAAAMFdIAQZAQgABgUCVp/E7wAKCRAhH3vcplVO2eyfD/4jqHYt2yz7
RDTXGOEChagCtlaDrWoY1LbrDS2itsyz6xgAf+DrLuAPG9bKiXWscH7unhzXY/sV
R14ZtB2XGjE1llgUIh61f7YVDjItmHFc0lEaZKRgrQ39bFa6uhQ5RGWHtUB10LU5
IqpwV8GB2jEbmfuayS+JStKhbf4XTKQqXnBHOppwqjDllcsNi5Bd31mqLzf3nIVT
fTzeooVU6DoWGraoURVEJQctAn7NBa9kG1FANSbEXUwplue93z8C6vHQNpShJ9k8
U9beNLo8pAMNA6MTUstAqfUFSJA0zIeZ7HH9eRVG2VGCwNRCIPuLxlHZe/4duoqT
9ne6oNltdVfnnuMVh5/hz5xZHIpJQPGiU29ZXcajiv+wuy8IbYGAHmyzC/OEZfwc
MxKwhuy5DoeDj5d1SqmuKRska21Avu6bqigUMdjN5ymjHFQM0lTH8l5wRJ9FkXHo
ZSWHiAFiYhkf8I63fLvHHr9y2RM7QEncUFwKaT4UrzzFib57xBY2jU6hDJq/dIwE
UiWhQjwqvVK9DntCMDBKnYIrBpNpor8VErZ+63J4wR/R1xvTQ+bPUX4iNB+fIjPA
e9FrXXU5OpNd585Xv9B7LFWTWqrz/jCXpGMvEDDaX3CClFlUsphN/tjw2GafT9Y5
f22pnblLxuExXttvlP39J/rFVenzHBaqZQAKCRBjSwwRC/Qr81YvD/9UcIfN7nX5
7ayQlIp7fD/LYPbBQ0b+A+eTgdeOO4kicZ+aWOjFLQ5oEJhd/uYlZUOWXNaSWfJM
+nLlW+QDZNZfRM23CEcjVIGx2wMRCJBfANxSHDFBmja8hXkEoH9O7WPFJY5v4nPR
50IfhEJ/gO8bR/hK6FnHZ3ZnDH0z6ZHlLj701cKILu0f54zOOGJ4qysxIcFx8Un9
U1VdTiHLB8cMldls9c9W/6B77PBV12n7/BFmY0GkeGdMpkA7Sv5+RdLng8MluBOS
41c3oyVu5h2OWdISMhRPVW8afR5jeneVmGvGOMNqNxWTQBnEW/1+yibz4IM794YW
f85/HASqhGma1AG4TydaqPx3+um6TuRfQ8nClAzldSQnxXt8XeBuB5zuF7GOWLks
tOyHCLeENDnaKC4h95lEP2UKWtO6FGNkvzLWF+Ut08Nf9mxdi5BdgoPJCnWW6R0U
Fs2S51XbFEC8k9XQoCd/fZ0cnMjeT9eS5tB83V54iqcBLzKobsmjsQepriji8h/U
sU+y1mkMvc6qtU4xgMzyaK1bRmTwkdJKDTh4Qq06ciKOCsPfQ47W4xYR0JzCeRyI
eOY6gj/Z3M06m8LgIrAnK95Q08iAlU/QP2tkRqG5IdZt2R40CPY6aDYI29TOObDk
EQdQRVnXJdYMwtLZoDK/GsFGHZOL1KkikQ==
=yCsv
-----END PGP PUBLIC KEY BLOCK-----

2.9. Team Members

No information is provided about the CaixaBank CERT team members in public.

2.10. Other Information

None available.

2.11. Points of Customer Contact

The preferred method for contacting CaixaBank CERT is via e-mail.
For general inquiries please send e-mail to [email protected]

3. Charter

3.1. Mission Statement

The purpose of CaixaBank CERT is, first, to provide 24x7x365 operational support aimed to implement, manage, monitor, evaluate the adequacy and ensure that security controls that protect the network, systems and applications of CaixaBank, and second, to support internal reaction to attacks to ICT security of CaixaBank.

3.2. Constituency

CaixaBank CERT supports incident response and security services for CaixaBank, his customers and related organizations.

3.3. Sponsorship and/or Affiliation

CaixaBank CERT is sponsored by CaixaBank, S.A.

3.4. Authority

The CaixaBank CERT operates under the auspices of, and with authority delegated by, the Information Security Department of CaixaBank, S.A.

4. Policies

4.1. Types of Incidents and Level of Support

CaixaBank CERT is authorized to address all types of computers security incidents which occurs at its constituency.
All the incident reports received by CaixaBank CERT are analyzed, classified and prioritized according to internal incident classification policy so that an efficient and appropriate level of service is provided.
Resources will be assigned according to the following priorities:

  • Threats to the physical safety of human beings.
  • Root or system-level attacks on any Management Information System, or any part of the backbone network infrastructure.
  • Root or system-level attacks on any large public service machine, either multi-user or dedicated-purpose.
  • Compromise of restricted confidential service accounts or software installations, in particular those used for Managed Information System applications containing confidential data, or those used for system administration.
  • Denial of service attacks on any of the above three items.
  • Any of the above at other sites, originating from the Constituency of CaixaBank CERT.
  • Large-scale attacks of any kind, e.g. sniffing attacks, "social engineering" attacks, password cracking attacks.
  • Threats, harassment, and other criminal offenses involving individual user accounts.
  • Compromise of individual user accounts on multi-user systems.
  • Compromise of desktop systems.
  • Forgery and misrepresentation, and other security-related violations of local rules and regulations.
  • Denial of service on individual user accounts.

Types of incidents other than those mentioned above will be prioritized according to their apparent severity and extent.
In some cases, CaixaBank CERT will provide pointers to the information needed to implement appropriate measures.
CaixaBank CERT is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.

4.2. Co-operation, Interaction and Disclosure of Information

CaixaBank CERT will cooperate with other organizations in the field of computer security. This cooperation also includes and often requires the exchange of information regarding security incidents and vulnerabilities. Nevertheless CaixaBank CERT will protect the privacy of its constituency and therefore (under normal circumstances) pass on information in an anonymized way only.
CaixaBank CERT will only provide information to other parties with the sole purpose of facilitating the tasks of containment, eradication and recovery of incidents under the general principle of providing the minimum information possible.
CaixaBank CERT operates under the restrictions imposed by the law of Spanish Data Protection Authority. Therefore it is also possible that CaixaBank CERT may be forced to disclose information due to a Court’s order.

4.3. Communication and Authentication

Telephone and unencrypted e-mail are considered sufficient for the transmission of low-sensitivity data. If it is necessary to send high sensitivity data by e-mail, PGP will be used. Network file transfers will be considered similar to e-mail for these purposes.

5. Services

CaixaBank CERT will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1. Incident Response

5.1.1 Incident Triage

CaixaBank CERT Incident Triage includes:

  • Investigating whether indeed an incident occurred.
  • Determining the extent of the incident.

5.1.2 Incident Coordination

CaixaBank CERT Incident Coordination includes.

  • Determining the initial cause of the incident (vulnerability exploited).
  • Facilitating contact with other sites which may be involved.
  • Facilitating contact with appropriate security teams and/or appropriate law enforcement officials, if necessary.
  • Making reports to other CSIRTs.
  • Composing announcements to users, if applicable.

5.1.3 Incident Resolution

CaixaBank CERT Incident Resolution includes.

  • Technical Assistance. This may include analysis of compromised systems.
  • Recommendations on Eradication or Elimination of the cause of a security incident (the vulnerability exploited), and its effects.
  • Suggestions in securing the system from the effects of the incident.

In addition, CaixaBank CERT will collect statistics concerning incidents which occur within or involve its constituency, and will notify the community as necessary to assist it in protecting against known attacks.

5.2 Proactive Activities

Proactive services provide means to reduce the number of actual incidents by giving proper and suitable information concerning potential incidents to the constituency. CaixaBank CERT will perform proactive activities to improve performance and capabilities such as:

  • Training and simulation activities.
  • Security tool development.
  • Forensics and malware analysis.
  • Intelligence reporting.

CaixaBank CERT additional proactive services include:

5.2.1 Information Services

CaixaBank CERT will provide its constituency with information about ongoing attacks, security vulnerabilities, alerts in the general sense, and short-term recommended course of action for dealing with the resulting problems.

5.2.2 Vulnerability Analysis

CaixaBank CERT will assist its constituency in reaction to the discovery of new vulnerabilities. A database is maintained collecting information of vulnerabilities, automatically and manually, via network scans and by other means.
Penetration testing teams are coordinated, and network security architecture analysis and configuration changes analysis are conducted.

6. Incident Reporting Forms

Through email or phone call.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CaixaBank CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.