SL Benfica Logo

Total

0,00€

Buy

CSIRT

RFC 2350

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


1. Document Information
This document describes Sport Lisboa e Benfica's Information Security Incident Response coordination service according to RFC 2350.


1.1 Date of Last Update
Version 3, last updated on 21/09/2021.


1.2 Distribution List for Notifications
There is no distribution channel to notify changes to this document.


1.3 Document Location
The updated version of this document is available at www.slbenfica.pt/apoio/csirt.


1.4 Authentication of this Document
This document is signed with the Benfica CSIRT PGP key.


2. Contact information
2.1 Name of the Team

Benfica CSIRT


2.2 Address
Estádio do Sport Lisboa e Benfica – Porta 18
Av. Eusébio da Silva Ferreira 1500-313 Lisboa, Portugal


2.3 Time Zone
Portugal/WEST (GMT+0, GMT+1 Summer Time)


2.4 Telephone Number
+351 217 219 504


2.5 Other Telecomunications
Not existing


2.6 Email Address
The email address for notification of security incidents is csirt@slbenfica.pt.


2.7 Public Keys and Other Encryption Information
PGP Key ID: 3879B353
PGP Fingerprint: B961 3E1D B44E 7DCF 7F58 29E7 937E A696 3879 B353
The key is available here.


2.8 Team Members
Confidential


2.10 Other Information
More information about CSIRT SLB can be found at www.slbenfica.pt/apoio/csirt


2.11 Points of Customer Contact
CSIRT SLB has the contacts listed in sections 2.2 and 2.4 to 2.7.


3. Charter
3.1 Mission Statement

Benfica CSIRT is responsible for monitoring, detecting and responding to information security incidents in the community served. Forensic audits and security awareness are also the responsibility of Benfica CSIRT.


3.2 Constituency
Benfica CSIRT is responsible for responding to information security incidents related to employees, assets and all domains of Sport Lisboa e Benfica, namely: Domain and subdomains slbenfica.pt, benficaplay.pt, museubenfica.pt, 83.240.140.70/32, 88.157.149.90/32, 88.157.224.200/29, 62.48.176.96/27, 195.23.64.32/27.


3.3 Sponsoring Organization/Affiliation
Benfica CSIRT is a team from Sport Lisboa e Benfica.


3.4 Authority
Benfica CSIRT is mandated by the CSSO (Chief Safety & Security Officer) of Sport Lisboa e Benfica.


4. Policies
4.1 Types of Incident and Levels of Support

Benfica CSIRT responds to all types of Information Security incidents, namely those that result in a security breach of the following types:

  • Malicious Code
  • Availability
  • Collection of Information
  • Intrusion Attempt
  • Intrusion
  • Information Security
  • Fraud
  • Abusive Content
  • Vulnerable


4.2 Cooperation, Interaction and Disclosure of Information
The internal policies of Sport Lisboa e Benfica provide that sensitive information can be passed on to third parties, solely and exclusively in case of need and with the prior and express authorization of the individual or entity to whom that information relates.


4.3 Communication and Authentication
From the communication channels provided by Benfica CSIRT, the phone and email unencrypted are considered sufficient for the transmission of non-sensitive information. Sensitive data sent by email must be encrypted by the Benfica CSIRT PGP key.


5. Services
5.1 Incident Response

Benfica CSIRT will assist in the technical and organizational details of security incidents. In particular, it will provide assistance and advice in coordinating incidents.


5.2 Incident Triage
Confirmation of the veracity of a reported Incident will determine its criticality and priority.


5.3 Incident Coordination
Identification of the root cause of the Security Incident, facilitating contact with third parties and judicial authorities.
Benfica CSIRT will also report to and collaborate with other national and international CSIRTs.


5.4 Incident Resolution
Correction of vulnerabilities, removal of preventive measures and preservation of data collected during previous phases.


5.5 Proactive Activities
Benfica CSIRT performs the following activities: Security Tools, Awareness, Education and Training and Regular community alerts.


6. Incident Reporting Form
There are currently no forms available, the security incident reports must contain all relevant information relevant to the event and sent to the Benfica CSIRT email address.


7. Disclaimer
Although all precautions are taken in the preparation of the information disclosed either on the Internet portal or via the website, Benfica CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of that information.


-----BEGIN PGP SIGNATURE-----
iQGzBAEBCAAdFiEEuWE+HbROfc9/WCnnk36mljh5s1MFAmFJ7yIACgkQk36mljh5 s1OglQwAiWbFXJmgBmbKOOohntjQfx3zdawH52crbkphdl0Ya4jnUEbuB/pi+2EC 5Hs6X6o/Vf0CWtRhov9hmhFRlBKBCWm+eIQRSY5kovgOj1LnAZQ6trf8Cr3jrYI/ O1M/yNvtI7uMaVyBq0onw6MTSxntBQafXFkM6Hxfh96ovdKGjShgOS1VFvFdLbhU whHsoN5d9ogXp6PCBwZ0nUpJYmQp8iMCPBCiYHzHKk61CilAbF46HdiVtg+zm4h6 aFUsDlQ8uetGx032qf18Fju/epeCxza9w+sfxkSQZporFhEIcQ4D67dxalKgEk2X BTqKjHSP9PTbhFxMNILObCVfedOBAxo3Gt/b02N8iwBkpZc5VPSgjUJdjFiud5tZ yv+Om9yr1tzVHx0MhmZviYaYXQCadI+ZcU2HxY0BKMMwWCwj58zkWB0DrOic/nVA EwZELk4VGg+pGs4FhPBsaSHoRkxGqslT6zjjohAaW0IzOsGnGPalbFxbo/0sMWAQ x88rEWlo =42jU
-----END PGP SIGNATURE-----