CSIRT Description for VOID SOC

1. Document Information

This document provides a formal description of the VOID SOC based on RFC 2350. It provides basic information about the team, the ways it can be contacted, its constituency, its responsibilities and the services it offers.

1.1. Date of Last Update

This is version 1.0, published on July 1st, 2019.

1.2. Distribution List for Notifications

There is no distribution list for notifications about changes in this document.

1.3. Locations where this Document May be Found

The current version of this SOC description document is available on the VOID SOC site; its URL is:
https://voidsoc.com/rfc_2350.txt
Please make sure you are using the latest version of this document.

2. Contact Information

2.1. Name of the Team

VOID SOC

2.2. Address

VOID SOC
SOITRON
Plynarenska 5
829 75 Bratislava 25
Slovak Republic

2.3. Time Zone

CET, Central European Time (UTC+1, from the last Sunday in October to the last Saturday in March)
CEST, Central European Summer Time (UTC+2, from the last Sunday in March to the last Saturday in October)

2.4. Telephone Number

+421 2 58224 110

2.5. Fax Number

Not available at present.

2.6. Other Telecommunication

Not available at present.

2.7. Electronic Mail Address

Official e-mail address: info(at)voidsoc.com
Address for incident reporting: incident(at)voidsoc.com

2.8. Public Keys and Encryption Information

PGP/GnuPG is supported for secure communication.

VOID SOC PGP Key ID: 0xf8ec0e71a2f6c71f
VOID SOC PGP Key Fingerprint: F84A 4040 E07E 2556 7818 B2BD F8EC 0E71 A2F6 C71F

The current VOID SOC team key can be found at:
https://voidsoc.com/Void_SOC_Public.asc

Please use this key when you want or need to encrypt messages that you send to VOID SOC. When due, VOID SOC will sign messages using the same key. When due, please sign your messages using your own key; it helps when that key is verifiable using the public key servers.

2.9. Team Members

A complete list of VOID SOC members is not publicly available. If necessary, members of VOID SOC will identify themselves in particular situations, such as incident reporting, response, coordination and support.

2.10. Other Information

General information about VOID SOC can be found at:
https://voidsoc.com

2.11. Points of Customer Contact

Regular cases: the preferred method for contacting VOID SOC is via e-mail, incident@voidsoc.com for incident reports and info(at)voidsoc.com in other cases.

Regular response hours: 24/7 service.

EMERGENCY cases: if it is not possible (or not advisable for security reasons) to use e-mail, VOID SOC can be reached on the emergency telephone number +421 905 541 427.

3. Charter

3.1. Mission Statement

VOID SOC is a SOC team powered by Soitron. VOID SOC's mission is to provide SOC services as well as to distribute information.

VOID SOC performs the following tasks:
- is a Point of Contact for clients and other partners,
- provides SOC services,
- maintains relations and communicates with partners, with the community of CERT/CSIRT teams, and with organisations supporting the community,
- provides security services such as:
  - proactive actions to prevent cyber security incidents, to prepare for such incidents and to reduce their impact,
  - coordination in case of cyber security incidents.

VOID SOC also handles incidents that originate in customer networks and are reported to the team by any person or institution.

3.2. Constituency

The VOID SOC constituency consists of the networks of the Soitron company and the networks of its clients under an active VOID SOC support contract.

3.3. Sponsorship and/or Affiliation

The VOID SOC team is operated by Soitron.

3.4. Authority

The main authority of VOID SOC is to coordinate and support incident response for its constituency, i.e. for Soitron and its clients.

4. Policies

4.1. Types of Incidents and Level of Support

VOID SOC provides incident handling services for its constituency, with a level of support that depends on the type and severity of the incident and on the type of constituent. The mode of incident handling and response also depends on the personnel and technical resources available to VOID SOC at the time. Incidents will be prioritised according to their apparent severity.

End users of client networks are expected to contact their network/system/service administrator for assistance. No support will be given to end users.

4.2. Co-operation, Interaction and Disclosure of Information

VOID SOC communicates and cooperates with other CSIRTs. VOID SOC exchanges all necessary information with constituents, partners and other CSIRTs. Incident handling and information sharing are done based on priority and sensitivity, within the boundaries of established law and the restrictions of data protection law. Encryption is used when dealing with sensitive data and information.

VOID SOC supports the Information Sharing Traffic Light Protocol (ISTLP): information that comes with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.

4.3. Communication and Authentication

For regular communication (not containing sensitive information) VOID SOC uses unencrypted e-mail or phone. For secure communication, PGP-encrypted communication is used.

5. Services

5.1. Incident Response

Incident response by VOID SOC is based on cooperation with and support for those handling a computer security incident, distribution of all important information to constituents and partners, and all necessary steps to reduce the impact of the incident. In incident response VOID SOC respects the following aspects:

5.1.1. Incident Triage

- Investigating whether an incident is indeed authentic.
- Investigating whether an incident is still relevant.
- Determining the extent of the incident.
- Prioritizing the incident.

5.1.2. Incident Coordination

- Determining the initial cause of the incident.
- Determining the involved organizations and maintaining contact with them.
- Investigating the incident and taking the appropriate steps in cooperation with the involved organizations.
- Facilitating contact with other parties that can help resolve the incident.
- Facilitating contact with other sites that may be involved.
- Facilitating contact with appropriate law enforcement officials and, if necessary, the media.

5.1.3. Incident Resolution

- Providing advice to the local security teams on appropriate actions.
- Following up on the progress of the concerned local security teams.
- Collecting, or providing assistance in collecting, the evidence of the incident.
- Sharing all important information with constituents and partners.

VOID SOC will give advice and can establish cooperation and communication between the involved parties, but provides no physical support. VOID SOC also collects statistics about reported incidents and their resolution.

5.2. Proactive Activities

VOID SOC performs proactive services, mainly in the form of preventive measures. These include:
- Announcements about existing vulnerabilities, hacking methods and malware types.
- Intrusion detection.
- Information dissemination.
- Technology watch.
- Cooperation with other SOC/CSIRT teams.
- Threat monitoring in cyberspace.
- Education and awareness raising in the field of information security for clients.
- Consultancy services for clients.

6. Incident Reporting Forms

If possible, write an e-mail with a detailed description of the incident to incident(at)voidsoc.com.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, VOID SOC assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
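The key published in section 2.8 only protects a report if the copy fetched from https://voidsoc.com/Void_SOC_Public.asc is really the key whose fingerprint is printed in that section. The script below is an added example, not part of this document and not VOID SOC tooling: it parses the machine-readable output of `gpg --with-colons --import-options show-only --import Void_SOC_Public.asc`, compares the primary key's fingerprint with the published one, and also checks that the published key ID is the last 16 hex digits of the published fingerprint (as it is for OpenPGP v4 keys). The gpg output embedded here is constructed for the example so that it runs offline; gpg itself is not invoked.

```python
"""Check a downloaded PGP key against the fingerprint and key ID published in section 2.8.

Added example (not part of the RFC 2350 document or of VOID SOC's own tooling).
The colon-format records below are constructed for this example; on a real system
they would come from:

    gpg --with-colons --import-options show-only --import Void_SOC_Public.asc
"""
import re

# Values published in section 2.8 of the document.
PUBLISHED_FINGERPRINT = "F84A 4040 E07E 2556 7818 B2BD F8EC 0E71 A2F6 C71F"
PUBLISHED_KEY_ID = "0xf8ec0e71a2f6c71f"

# Constructed sample of gpg --with-colons output for a key file whose
# primary key matches the published values (dates, subkey, uid hash are made up).
SAMPLE_GPG_OUTPUT = """\
pub:-:4096:1:F8EC0E71A2F6C71F:1561939200:::-:::scESC::::::23::0:
fpr:::::::::F84A4040E07E25567818B2BDF8EC0E71A2F6C71F:
uid:-::::1561939200::0123456789ABCDEF0123456789ABCDEF01234567::VOID SOC <info@voidsoc.com>::::::::::0:
sub:-:4096:1:0011223344556677:1561939200::::::e::::::23:
fpr:::::::::00112233445566778899AABBCCDDEEFF00112233:
"""

# Constructed sample of what a substituted key file would look like: the
# primary key ID and fingerprint do not match the published values.
SUBSTITUTED_GPG_OUTPUT = """\
pub:-:4096:1:DEADBEEF01234567:1561939200:::-:::scESC::::::23::0:
fpr:::::::::111122223333444455556666DEADBEEF01234567:
uid:-::::1561939200::FEDCBA9876543210FEDCBA9876543210FEDCBA98::VOID SOC <info@voidsoc.com>::::::::::0:
"""


def normalize_hex(value: str) -> str:
    """Strip whitespace and an optional 0x prefix, then uppercase, so that
    'F84A 4040 ...' and '0xf8ec...' compare cleanly."""
    value = value.strip()
    if value.lower().startswith("0x"):
        value = value[2:]
    return re.sub(r"\s+", "", value).upper()


def parse_colon_output(output: str) -> dict:
    """Extract the primary key's long key ID (pub record, field 5) and every
    fingerprint (fpr records, field 10). The first fpr belongs to the primary key."""
    primary_key_id = None
    fingerprints = []
    for line in output.splitlines():
        fields = line.split(":")
        if fields[0] == "pub" and primary_key_id is None:
            primary_key_id = fields[4]
        elif fields[0] == "fpr" and len(fields) > 9:
            fingerprints.append(fields[9])
    return {"key_id": primary_key_id, "fingerprints": fingerprints}


def key_id_matches_fingerprint(key_id: str, fingerprint: str) -> bool:
    """For OpenPGP v4 keys the 64-bit key ID is the low 16 hex digits of the fingerprint."""
    return normalize_hex(fingerprint).endswith(normalize_hex(key_id))


def verify_key(output: str, expected_fpr: str, expected_key_id: str) -> dict:
    """Compare the primary key in the gpg output with the published values."""
    parsed = parse_colon_output(output)
    primary_fpr = parsed["fingerprints"][0] if parsed["fingerprints"] else ""
    return {
        "primary_fingerprint": normalize_hex(primary_fpr),
        # The downloaded key's fingerprint equals the one printed in section 2.8.
        "fingerprint_ok": normalize_hex(primary_fpr) == normalize_hex(expected_fpr),
        # The downloaded key's ID equals the one printed in section 2.8.
        "key_id_ok": normalize_hex(parsed["key_id"] or "") == normalize_hex(expected_key_id),
        # Sanity check on the published values themselves (ID derives from fingerprint).
        "key_id_consistent": key_id_matches_fingerprint(expected_key_id, expected_fpr),
    }


if __name__ == "__main__":
    for label, output in (("downloaded key", SAMPLE_GPG_OUTPUT),
                          ("substituted key", SUBSTITUTED_GPG_OUTPUT)):
        result = verify_key(output, PUBLISHED_FINGERPRINT, PUBLISHED_KEY_ID)
        verdict = "OK" if result["fingerprint_ok"] and result["key_id_ok"] else "MISMATCH"
        print(f"{label}: {result['primary_fingerprint']} -> {verdict}")
```

Only `fingerprint_ok` is the real trust decision; the key ID check is a convenience, because a 64-bit key ID can be collided while the full fingerprint cannot be matched in practice. Run the check once when the key is first fetched and again whenever the file at the published URL changes.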