CSIRT Description for Polish Gas Company Security Operations Center (PSG SOC)
=================================


1. About this document
This document describes the role of the PSG SOC in accordance with RFC 2350.
It provides basic information about the team and how to contact it, and describes its responsibilities and the services it offers.

1.1 Date of Last Update

This is version 2.0, published on 2021-04-01.

1.2 Distribution List for Notifications

Currently PSG SOC does not use any distribution lists to notify about changes in this document.

1.3 Locations where this Document May Be Found

The current version of this document is available on https://www.psgaz.pl/cyberbezpieczenstwo

1.4 Authenticating this document

This document has been digitally signed with the PSG SOC PGP key.

2. Contact Information

2.1 Name of the Team

Polish Gas Company Security Operations Center (PSG SOC)

2.2 Address

Polska Spółka Gazownictwa sp. z o.o.
ul. Wojciecha Bandrowskiego 16
33-100 Tarnów
Polska

2.3 Time Zone

Central European Time (CET) - UTC+1
(UTC+2 from April to October)

2.4 Telephone Number

None

2.5 Facsimile Number

None

2.6 Other Telecommunication

None

2.7 Electronic Mail Address

soc@psgaz.pl

2.8 Public keys and Other Encryption Information

PSG SOC has a PGP key, whose fingerprint is FDFE868D66E977ADC93B2D53DFA217119C13594C

2.9 Other Information

None

2.10 Points of Customer Contact

PSG SOC prefers to receive information about incidents via e-mail and the internal ticketing system.
PSG SOC business hours: 08:00-16:30, Monday to Friday, except holidays.

3. Charter

3.1 Mission Statement

Building PSG competences and capabilities in identifying and responding to cyber security threats, as well as supporting PSG employees in coping with broadly understood security threats. 

3.2 Constituency
	
The PSG SOC supports only Polish Gas Company and its employees.

3.3 Sponsorship and/or Affiliation

The PSG SOC operates within the Support Department with its own financing.

3.4 Authority

The authority of PSG SOC, in particular the team's responsibilities and rights, is set out in the internal regulations of the company.

4. Policies

4.1 Types of Incidents and Level of Support

By default, all registered events have standard priority. Incidents involving key service systems and personal data processing are handled with the highest priority.

4.2 Co-operation, Interaction and Disclosure of Information

PSG SOC declares that all information related to the incidents it handles is considered Confidential. Information that is evidently sensitive or that may be harmful is handled only in a secure environment and is encrypted in storage and in transit.
When reporting an incident and providing sensitive information, please use encryption or contact PSG SOC to arrange a different channel of secure communication.

The PSG SOC cooperates with selected organizational units of the company depending on the nature of the incident.
Cooperation also takes place at Polish Gas and Oil Company level, in particular with the CERT PGNiG.
In accordance with the provisions of the Act on the National Cybersecurity System, the PSG SOC is obliged to cooperate with entities of the national cybersecurity system.
Information related to incident handling is made available to selected persons in accordance with the need to know principle.
The PSG SOC uses the TLP (Traffic Light Protocol) classification when needed.

4.3 Communication and Authentication

Due to the security controls in use, information exchanged within the internal network does not require additional authentication and encryption methods.

Information related to incident handling that is exchanged with external entities must be protected in terms of confidentiality and integrity, for example by using PGP keys.

PSG SOC reserves the right to verify the authenticity of information or its source to the extent allowed by the law.

5. Services

5.1 Incident Response

The team's main goal is to carry out reactive activities, including the handling and management of security incidents and their classification (triage).
The incident response process is described in internal regulations.

5.1.1 Incident Triage

Each handled event is analyzed to determine whether it is an incident.
Incidents related to key service systems or personal data processing are handled with the highest priority.

5.1.2 Incident Coordination

The Security Department is responsible for the coordination of incident handling, especially by the cybersecurity unit in the field of ICT security incidents.

5.1.3 Incident handling
	
The incident resolution is recorded in the security incident register.
Incidents related to the violation of generally applicable law are reported to the appropriate authorities.

5.1.4 Other reactive measures
	
Monitoring of systems and infrastructure used to provide the key service.
Warning and alerting about ICT security threats.
Technical vulnerability assessment.
Malware analysis and digital forensics.

5.2 Proactive Services

E-mail newsletters related to ICT security threats.
Monitoring of technologies and ICT security solutions.
Tracking information about new technical vulnerabilities.
Security assessment and audit.
Distribution of information related to security.
	
5.3 Research and Development

Building security awareness among employees.
Consultations in the field of IT security.
Evaluation of products and solutions in terms of safety.
IT security training.

6. Incident Reporting Forms

The internal ticketing system is our default means of incident reporting.
Events may also be reported via e-mail, phone or in person, in accordance with internally applicable regulations.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, PSG SOC assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
