CYB-CERT profile
Established according to RFC-2350.
1. Document Information
1.1. Date of Last Update
This is version 1.0 of 2023-03-01.
1.2. Distribution List for Notifications
This profile is kept up-to-date at the location specified in 1.3. E-mail notifications of updates are sent to:
- The Trusted Introducer for CERTs in Europe (see https://www.trusted-introducer.org/ )
Please address any questions about updates to the cert@cyberoo.com e-mail address.
1.3. Locations where this Document May Be Found
The current version of this profile is always available on https://cyberoo.com/rfc-2350/
2. Contact Information
2.1. Name of the Team
Full name: CYBEROO Computer Emergency Response Team
Short name: CYB-CERT
CYB-CERT is the CERT of Cyberoo S.p.A.
2.2. Address
Postal Address:
Via Brigata Reggio, 37,
Reggio Emilia, Reggio Emilia, 42124,
Italy
2.3. Time Zone
GMT+1 (GMT+2 with DST or Summer Time, which starts on the last Sunday in March and ends on the last Sunday in October)
2.4. Telephone Number
+39 0522 388111
2.5. Facsimile Number
Not available.
2.6. Other Telecommunication
Not available.
2.7. Electronic Mail Address
This address can be used to report all security incidents that relate to the CYB-CERT constituency.
2.8. Public Keys and Encryption Information
PGP/GnuPG is supported for secure communication.
The current CYB-CERT team-key can be found on https://cyberoo.com/cert_at_cyberoo.com.asc
Please use this key when you want/need to encrypt messages that you send to CYB-CERT. When due, CYB-CERT will sign messages using the same key.
When due, please sign your messages using your own key – it helps when that key is verifiable using the public keyservers.
2.9. Team Members
Information is not provided about the CYB-CERT team members on the website. Please use our team-key when you contact us. The current CYB-CERT team-key can be found on:
https://cyberoo.com/cert_at_cyberoo-com-asc/
2.10. Other Information
See the CYB-CERT webpages at www.cyberoo.com
2.11. Points of Customer Contact
Regular cases: use CYB-CERT e-mail address.
Regular response hours: Monday-Friday, 09:00-18:00 (except public holidays in Italy).
Phone number: +39 0522 388111
3. Charter
3.1. Mission Statement
Cyberoo is an innovative Italian company specialized in cyber security, based in Reggio Emilia and with offices in Lodi, Milan and Ukraine. Born from a spin-off of Sedoc Digital Group (Information Technology expert since 1973), Cyberoo is the first cyber security company listed on Piazza Affari (AIM market of the Italian Stock Exchange) since 2019.
For its customers and partners, Cyberoo represents a true guide that drives companies, people and organizations through knowledge, training and defense, now essential aspects for living and working better and safer in the digital world. Like a lighthouse that illuminates the dark areas of cyber space, Cyberoo is also a research and development center for the most advanced Detection technologies.
Protect, guarantee, create, manage.
These are the four Cyberoo lookout towers (also represented in the logo), fundamental for the cyber security of Businesses. The 4 towers are placed around companies and act as guardians to protect information and data, a priority in today’s scenario.
Cyberoo solutions simplify complexity and bring together all measures to protect data from unforeseen events, to guarantee their availability and IT integrity and confidentiality, while also ensuring rapid recovery in case of need.
Cyberoo is able to monitor, manage and protect the information in the IT ecosystem from cyber threats and cybercrime, creating new artificial intelligence solutions and algorithms and ensuring the security and performance of systems.
3.2. Constituency
CYBEROO provides Cyber Security solutions which enable the monitoring and protection of Information technology (IT) infrastructure and the automated detection of threats and anomalies. To do so, the Company invests in several technologies, including Artificial Intelligence and Big Data. The company is furthermore committed to promoting and adopting a culture of cyber security through the sharing of knowledge, information and threats detected.
3.3. Sponsorship and/or Affiliation
CYB-CERT is sponsored by:
- GARR-CERT – Servizio sicurezza rete GARR
- G-SIRT – Grimaldi Security Incident Response Team
3.4. Authority
CYB-CERT coordinates security incidents on behalf of its constituency and has no authority reaching further than that. CYB-CERT is however expected to make operational recommendations regarding vulnerabilities and mitigation of incidents and/or incident handling. Such recommendations can include but are not limited to blocking addresses or networks. The implementation of such recommendations is not a responsibility of CYB-CERT, but solely of those to whom such recommendations are made.
4. Policies
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority. CYB-CERT itself is the authority that can set and reset the EMERGENCY label. An incident can be reported to CYB-CERT as EMERGENCY, but it is up to CYB-CERT to decide whether or not to uphold that status.
4.2. Co-operation, Interaction and Disclosure of Information
ALL incoming information related to incidents is handled confidentially by CYB-CERT, regardless of its priority.
Information that is evidently sensitive in nature is only communicated and stored in a secure environment, if necessary, using encryption technologies. When reporting an incident of sensitive nature, please state so explicitly, e.g., by using the label SENSITIVE in the subject field of e-mail, and if possible, using encryption as well.
CYB-CERT supports the Information Sharing Traffic Light Protocol (ISTLP – see https://www.trusted-introducer.org/links/ISTLP-v1.1-approved.pdf ) – information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.
CYB-CERT will use the information you provide to help solve security incidents, as all CERTs do. This means that by default the information will be distributed further to the appropriate parties – but only on a need-to-know basis, and preferably in an anonymized fashion.
If you object to this default behavior of CYB-CERT, please make explicit what CYB-CERT can do with the information you provide. CYB-CERT will adhere to your policy but will also point out to you if that means that CYB-CERT cannot act on the information provided.
CYB-CERT does not report incidents to law enforcement unless national law requires so. Likewise, CYB-CERT only cooperates with law enforcement EITHER in the course of an official investigation – meaning that a court order is present – OR in the case where a constituent requests that CYB-CERT cooperate in an investigation. When a court order is absent, CYB-CERT will only provide information on a need-to-know basis.
4.3. Communication and Authentication
See 2.8 above. Usage of PGP/GnuPG, or other pre-approved cryptographic means, is highly recommended in all cases where sensitive information is involved.
5. Services
5.1. Incident Response (Triage, Coordination and Resolution)
CYB-CERT is responsible for the coordination of security incidents somehow involving its constituency (as defined in 3.2). CYB-CERT therefore handles both the triage and coordination aspects. Incident resolution is left at the discretion of the involved constituents – however, CYB-CERT will offer support and advice on request.
5.2. Proactive Activities
CYB-CERT proactively advises its constituency regarding recent vulnerabilities and on matters of computer and network security.
CYB-CERT is not responsible for implementation, which is always left at the discretion of the constituents.
6. Incident Reporting Forms
Not available. Preferably report in plain text using e-mail – or use the phone.
7. Disclaimers
While every precaution will be taken in the preparation of information, notifications, and alerts, CYB-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.