CYBERSECURITY
SEIDOR | CSIRT RFC 2350
The first private CSIRT specialized in providing response to SAP and Microsoft clients at a national and international level.
SEIDOR | CSIRT
SEIDOR | CSIRT operates through a SOC and its specialized incident response team. We are certified under the National Security Framework (ENS) at the high level and under UNE-ISO 27001 (Information Security Management System).
Mission
SEIDOR | CSIRT is a private Incident Response Center created by SEIDOR to coordinate and respond to cybersecurity threats affecting the company, its subsidiaries, and clients, whether they are public or private entities. Its main mission is to implement human, technical, and technological measures to reduce the risk of security incidents and respond when necessary to all infrastructures, systems, and services within its scope.
SEIDOR | CSIRT was founded with a firm commitment to support the CSIRT community in a global response to threats that endanger the security of all entities providing services to businesses, institutions, and the public.
To achieve these objectives, SEIDOR | CSIRT performs various tasks, including:
- Defining security alerts based on customized requirements.
- Continuous analysis and management of vulnerabilities.
- Dashboard monitoring of service evolution.
- Security improvement recommendations.
- Collection and analysis of information from various sources regarding new vulnerabilities and threats.
- Communication of relevant intelligence to beneficiaries within their operational context.
- Distribution of technical information about incidents with other CSIRTs.
- Security event monitoring and incident detection.
To achieve these goals, SEIDOR | CSIRT adheres to the following values from its inception:
- Compliance with legal regulations.
- Monitoring and application of best practices associated with each productive and operational environment, with continuous improvement in the designated repository.
- Thorough auditing of risk management specific to the services offered, involving other CSIRTs to share status and unite efforts for community improvement.
- Providing the greatest sense of well-being to service beneficiaries, creating an optimal, assessable, and modifiable environment of trust and security.
- Strict and timely execution of defined internal and external audits, ensuring excellent compliance with quality and security standards in each cataloged service.
- Creation and maintenance of communication processes and periodic evaluation of the needs of internal and external service clients within an ongoing improvement process.
Scope
SEIDOR | CSIRT services are directed at all SEIDOR departments and external companies and institutions subscribing to them.
Affiliation
SEIDOR | CSIRT is sponsored by SEIDOR S.A.
Authority
SEIDOR | CSIRT operates within SEIDOR under the authority of the Corporate Cybersecurity Office of SEIDOR and its Corporate Information Security Officer, represented by the role of the Global CSO/CISO. Regarding external clients, subject to client/company agreements, SEIDOR | CSIRT acts as a security consultant for these clients and has no authority over them. Therefore, the implementation of provided recommendations is solely the responsibility of the client.
Policies
Types of incidents and support level
SEIDOR | CSIRT provides support for information incidents that may affect the integrity, availability, and confidentiality of information managed by the systems and processes of its service beneficiaries. The supported incident types align with the security incident typologies published by the National Cryptologic Center of Spain, CCN-CERT, in CCN-STIC 817 - Incident Management.
All confirmed incidents are classified based on their typology and severity, with responses prioritized according to the results of this classification.
SEIDOR | CSIRT does not provide direct support to end-users external to SEIDOR, as it is expected that these users will contact their own security services. All communications between SEIDOR | CSIRT and its external beneficiaries will be channeled through the designated contacts defined in the service contract.
The level of support provided will depend on the contractual conditions of the service and the incident's typology, impact, severity, and/or complexity. The intervention of higher-level CSIRTs associated with different administrations and/or state services may be necessary.
Cooperation, interaction, and information distribution
SEIDOR | CSIRT may interact with other organizations, such as other CERT or CSIRT teams, providers, analysts, and intelligence generators, among others.
Within the Spanish national scope, the referenced CERT organizations are as follows:
- For citizens, private sector organizations, and businesses, INCIBE-CERT is designated as a reference.
- For public organizations and companies, CCN-CERT is designated as a reference.
The necessary contacts have been initiated to establish ties and bidirectional communication with various national and international CSIRTs, with a schedule of actions to achieve this goal as soon as possible.
SEIDOR | CSIRT adheres to the following guidelines for handling and selecting shared information:
- Apply the technical and legal measures indicated in this document for information protection at all times.
- Anonymize shared information and include only the data relevant to resolving the incident.
- Respect the level of confidentiality assigned to the information.
- Do not share confidential information with other parties without prior agreement and authorization from the owner. This guideline applies in all cases where there is no higher legal or regulatory obligation to share the information.
- Protect the privacy of personal information. Although, in general, personal data will never be shared, if necessary, and within the cases covered by the GDPR, explicit authorization will be sought from the data subject.
- Cease the distribution of information as soon as the client who owns the information gives notice that permission for it is denied; this point is also based on the GDPR.
Communication and authentication
SEIDOR | CSIRT applies protection measures to the information it handles based on its nature and classification, with references including the GDPR, the National Security Framework of the Government of Spain, the European NIS Directive, Royal Decree 12/2018, of September 7, and Royal Decree 43/2021, of January 26.
Additionally, the FIRST TLP v1.1 protocol is used internally and externally for the classification and labeling of documents in communications and documentation.
Considering the types of information that SEIDOR | CSIRT deals with, phones will be considered secure enough to be used even without encryption. Unencrypted email will not be considered particularly secure but will be sufficient for the transmission of low-sensitivity data.
As reported in the previous points regarding the encryption of shared information, data will be encrypted using the PGP keys of the senders and receivers.
When it is necessary to establish a relationship of trust, and before disclosing confidential information, the identity of the other party will, whenever possible, be verified using references from known and trusted third parties and/or organizations as a means of accreditation. Otherwise, appropriate methods will be used, such as searching for FIRST members or the Trusted Introducer database and conducting a callback or sending an email to ensure the identity of the other parties.
Services provided
Reactive Activities
- Cybersecurity Monitoring: SEIDOR | CSIRT provides monitoring, detection, analysis, classification, coordination, and support services in early incident response.
- These services are delivered through support and collaboration with other IT groups of the beneficiaries.
- DFIR - Incident Response Team: SEIDOR | CSIRT has a specialized Incident Response Team (DFIR) to act when an incident is declared.
Proactive activities
- Alerts and notifications: SEIDOR | CSIRT distributes intelligence information related to detected malicious campaigns, new threats, compromise indicators, etc., as well as recommendations on actions to be taken in response to them.
- Security Audits of CSIRT Scope Services: SEIDOR | CSIRT offers review and improvement services for information security management based on recognized frameworks, as well as vulnerability analysis, risk monitoring, and intelligence management for prevention against threats. The service provided will cover systems within the CSIRT's scope.
- Awareness and Training: SEIDOR | CSIRT provides these services through informative workshops, along with the dissemination of news to its beneficiaries, covering best practices, information security, news, the emergence of new vulnerabilities, etc.
- Development of Security Solutions: SEIDOR | CSIRT will carry out developments that allow improvement in monitoring and response to security incidents, mainly in SAP and Microsoft Corp environments. These tools, along with other CSIRT-related developments, aim to achieve improvements in the information security management of its beneficiaries.
Incident report forms
For service communications, formats agreed upon by the participating parties and/or generally recognized by the sector are used.
Disclaimer
While every precaution will be taken in the preparation of information, notifications, and alerts, SEIDOR | CSIRT assumes no responsibility for errors or omissions, nor for damages resulting from the use of the information provided during the execution of its services.