RFC-2350

RFC-2350

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA256

1. Document Information

This document contains a description of Redes Energéticas Nacionais, SGPS, S.A (REN) Cybersecurity Incident Response Service according to RFC 2350.

  • 1.1 Date of Last Update: Versão 1.0. Publishment date: 18/02/2021.
  • 1.2 Distribution List for Notifications: There is no distribution list for notifications.
  • 1.3 Locations Where this Document May Be Found: A The current version of this document can always be found at  https://www.ren.pt/en-gb/csirt/rfc-2350.
  • 1.4 Authenticating this Document: Este documento está assinado com a chave PGP da REN.

2. Contact Information

  • 2.1 Name of the Team: Centro de Operações de Segurança (SOC REN)
  • 2.2 Address: REN Serviços, S.A. Rua Cidade de Goa n.4 2685-038 Lisboa - Portugal
  • 2.3 Timezone: Portugal/WEST (GMT+0, GMT+1 during summer time)
  • 2.4 Telephone Number: (+351) 210 011 210 (24/7)
  • 2.5 Fax number: Not available.
  • 2.6 Other Telecommunication: Not available.
  • 2.7 Electronic Mail Address: To report an incident please use the following e-mail address: soc@ren.pt
  • 2.8 Public Keys and Encryption Information: 92A9 185F 8FC3 613A PGP Fingerprint: D8BB B139 AA27 911E 2B65 6060 92A9 185F 8FC3 613A. The X.509 certificate is available at: https://www.ren.pt/media/eixptxcm/ren-soc_x509.pem
  • 2.9 Team Members: The list of the team members is not publicly available.
  • 2.10 Other Information: Not available.
  • 2.11 Contact Means: REN’s contact means are stated in the following sections: 2.2 e 2.4 a 2.7.

3. Charter

  • 3.1 Mission: REN Security Operations Center's mission is to ensure an Information Security Incident Response service and to promote a cybersecurity culture among REN employees and business processes.
  • 3.2 Constituency: The constituency of SOC REN is composed of any information and communication technologies that support REN's business processes and services, including the following information assets:

a) Autonomous System Number: AS207112 - 185.165.104.0/22
b) Domains: ren.pt; rengasodutos.pt; rentelecom.pt; renatlantico.pt; rdnester.com; renarmazenagem.pt; portgas.pt

  • 3.3 Sponsorship and/or Affiliation: SOC REN is an operative service within the Information Systems Department.
  • 3.4 Authority: SOC REN is an operative service within the Information Systems Department and its mission is formalized in an internal Service Order.

4. Policies

  • 4.1 Types of Incidents and Level of Support: SOC REN responds to all categories of cybersecurity incidents, and the given support level varies depending on the category, severity and scope of ongoing incidents and the resources available for their treatment.
  • 4.2 Co-operation, Interaction and Disclosure of Information: REN's Privacy and Data Protection Policy states that sensitive information can be passed on to third parties, only if necessary and with the express authorization of the individual or entity to whom that information relates.
  • 4.3 Communication and Authentication: SOC REN considers that telephone and unencrypted electronic mail are considered sufficient for transmission of non-sensitive information. For the transmission of sensitive information, the use of a PGP cipher or digital certificate is mandatory.

5. Services

SOC REN supports the technical and organizational aspects of security incidents.

  • 5.1 Real-Time Security Event Monitoring: Collection, filtering and correlation of logs from different sources to identify potential security incidents.
  • 5.2 Event Screening: Validation of whether a detected or reported event is a security incident and if it falls within the scope of the incident response team.
  • 5.3 Coordination and Resolution:

- - - Classification level determination.
- - - Prioritization of incidents based on classification.
- - - Collection and registration of additional context information.
- - - Development of recommendations for incident response and mitigation.
- - - Advising local teams on appropriate actions to take.
- - - Identification of lessons learned.
- - - Sharing of information with other CSIRTs and cooperation networks.

  • 5.4 Proactive Activities:

- - - Monitoring of infrastructure, applications and systems from the perspective of cybersecurity vulnerabilities and weaknesses.
- - -Impact assessment of changes and configurations.
- - - Threat Intel.
- - - Threat hunting.
- - - Communication, awareness and training activities.
- - - Participation in incident/crisis management exercises at national level.

6. Disclaimers

Although every precaution is taken in the preparation of the information disclosed either on the Internet portal or through the distribution lists, SOC REN assumes no responsibility for errors or omissions, or for damages resulting from the use of this information.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE2LuxOaonkR4rZWBgkqkYX4/DYToFAmA24OEACgkQkqkYX4/D YTorxg/+I0pVCVEKKbbu4E76ym3OWMfmqg+7XyEuxdLTkHOKSDtAo+R5RaLIN34j eSV3r13glP9ns8rsE+4cptumWiz6usQvAkgvFY/E7W7mj619IgVbaefxkEl75JQF mi7nUUB03Thw2aYBZMYiZ1iNqZiYacOwHScq+SNHAM3AixBXgnEcYVRSxdrFiEqQ Zs5kJ/nH1fvCwaOqMDWEmsy77eP3tHRKJrZF7VjESOEnSX1RT58AzQv4zcwTORYr HaPkYVlhVnthrjYSffavsyoN1h7yms2XS+uxySoI4ygd+di8cFn9xidpZ7kEZo7k oorORDzsjieCMRGR9eNAnPi9wpmC6v431Y/eHZVtucsNGOT8e7wNIOhtvjPICyBz 0+sR4UOuM2YmbVYc1zQwt2Wm9MvMhJuFEaO04+ehJ6DqPcxsevz1aOdV/dlczhAf DjldZtXh8cHwe0+v7FCRCdqRglsSbC61hDkY7MgrXCg+pt1aJwB7It4nFIoWUED0 bUki3ulz0RdpNXx5dA22XDW5w0mR3V6xMvmIbtAhMmfY+ZLxBTFHf8/4J66AgRjE 4Z7iu8ZNWUHXsxaNBURjzOmSAvjbFeUBb7Yp1wW4ZE3my9B+8ixBeOt01NADnwTR DFpPUS2nbJ76o9K4YA0DLy8eBH40DILYU6VsHX6jafglOy7X5zM= =/FwR

-----END PGP SIGNATURE-----

Related content
ren-soc_x509.pem
ZIP 1.49 KB
0:00
/
0:00