Direkte kontakt

E-mail: dcis@teledcis.dk

Telefon: 82 13 08 06 (mellem 9 og 16)

Kontakt information

Axeltorv 6
1609 København V.

RFC 2350

The following profile of TeleDCIS CERT has been prepared in adherence to RFC 2350, Expectations for Computer Security Incident Response

1. Document Information

1.1 Date of Last Update
Version 1.0, Thu 21 March, 2024.

1.2 Distribution List for Notifications
Changes to this document are not distributed by a mailing list. Please address questions or remarks by e-mail to: dcis (at) teledcis.dk

1.3 Locations where this document may be found
The current version of this profile is always available at: https://www.teledcis.dk/kontakt/

2. Contact Information

2.1 Name of the Team

2.2 Address
Axeltorv 6. 1.tv
DK-1609 Copenhagen V

2.3 Time Zone
CET, Central European Time (UTC+1, between last Sunday in October and last Sunday in March)
CEST (also CET DST), Central European Summer Time (UTC+2, between last Sunday in March and last Sunday in October)

2.4 Telephone Number
+45 8213 0806 (Monday through Friday from 8 a.m. to 4 p.m.)

2.5 Other Telecommunication
Emergency SINE-Radio

2.6 Electronic Mail Address
cert (at) teledcis.dk

2.7 Public Keys and Encryption Information
TeleDCIS uses PGP for digital signatures and to receive encrypted information.
Address: cert (at) teledcis.dk
Key-ID: BEAF0552
Fingerprint: 1848 5F7C F3CA 97F2 F45C  68DB 774C 81B5 BEAF 0552

2.8 Team Members
A full list of TeleDCIS CERT team members is not publicly available. Team members will normally identify themselves to the reporting party in an official communication regarding an incident, but are not obligated to do so.

2.9 Other Information
General information about TeleDCIS CERT is available at https://www.teledcis.dk/

2.10 Points of Customer Contact
The main point of contact is the TeleDCIS CERT mail addresses:
dcis (at) teledcis.dk            : General contact e-mail address.
cert (at) teledcis.dk.           : E-mail address dedicated to incidents.
You may also call TeleDCIS CERT at +45 8213 0806 to report an incident. Our regular hours (local time in respect to public holidays in Denmark) are Monday through Friday from 8 a.m. to 4 p.m. Outside normal working hours we refer to the e-mail addresses.

2.11 Service Level Objectives

All inquiries will be answered within 2 hours of receipt during business hours which are 8 a.m. to 4 p.m. from Monday to Friday.

Inquiries received before and after business hours will be answerd next businees day + 2 hours (NBD+2).

3. Charter

3.1 Mission Statement
The primary task of the Telecommunications Sector’s Decentralized Cyber and Information Security Unit is to share, collect, and inform about relevant information security matters between the sector’s actors and the Center for Cybersecurity.

When a threat hits one company, it can quickly affect others and thus larger parts of society. A DCIS can help counteract this, among other things.
By sharing knowledge and information across companies, more eyes and ears are on the specific incidents and issues, and by cooperating, the overall security across the entire industry is lifted

3.2 Constituency

3.3 Sponsorship and/or Affiliation

3.4 Authority
TeleDCIS CERT handles incident response, coordinates action, performs internal and external scans of the institutions’ infrastructure and warns our constituency about cyber security events.

4. Policies

4.1 Types of Incidents and Level of Support
TeleDCIS CERT handles various types of security incidents. The level of support depends on the type of the incident and the severity as determined solely by the TeleDCIS CERT staff.

4.2 Co-operation, Interaction and Disclosure of Information
All incoming information is handled confidentially by TeleDCIS CERT, regardless of its priority. Information that is sensitive or classified is only communicated and stored in a secure environment, if necessary using encryption. TeleDCIS CERT will use the information obtained to help solve security incidents. Information will only be distributed to other teams and team members according to relevant legislation and on a need-to-know basis, preferably as anonymized data. TeleDCIS CERT uses the Traffic Light Protocol (TLP v2.0) for classifying information as well as the NATO/EU classification scheme if needed.

4.3 Communication and Authentication
E-mail is the preferred method of communication. When the content is sensitive or requires authentication, the TeleDCIS CERT PGP key is used for signing e-mail messages. All sensitive or confidential communication to TeleDCIS CERT should be encrypted using the team’s PGP key.

5. Services

5.1 Incident response
Incident response is provided as stated in “2.11 Points of Customer Contact”. TeleDCIS CERT will investigate incidents and coordinate responses from relevant stakeholders. This may include involvement of experts, tools and other capabilities to act, analyze and communicate with stakeholders and media.

5.1.1 Incident Triage
Investigating whether indeed an incident occurred.
Determining the extent of the incident.

5.1.2 Incident Coordination
Determining the initial cause of the incident.
Facilitating contact with other sites that may be involved.
Communicate with stakeholders and media.

5.1.3 Incident Resolution
Providing advice to the reporting constituent that may help remove the vulnerabilities that caused the incident and help secure the systems from the effects of the incidents.
Evaluate and give advice to stakeholders as to which actions are most suitable to provide desired results regarding the incident resolution.
Provide assistance in evidence collection and data interpretation when needed.
Evaluate the frequency, the amount and the severity of the incident for public warning.

5.2 Proactive Activities
TeleDCIS CERT provides information to its constituency such as news stories, articles, reports, advisories, fact sheets, and white papers in order to prevent or correct ICT related security incidents or to prepare for such incidents and reduce the impact.

5.3 DPO Service

5.4 Vulnerability scanning

6. Incident Reporting Forms
TeleDCIS CERT prefers to receive a detailed description of an incident via e-mail.

7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, TeleDCIS CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.