CSIRT AvantSec - RFC 2350

Version: 1.0
Date: February 7, 2024

1. Document information

This document describes the CSIRT AvantSec according to RFC 2350.

 
1.1 Date of last update

February 7, 2024

 
1.2 Distribution list for notifications

There is no distribution list for notifications about updates to this document.

 
1.3 Places where this document can be found

The most current version of the document can be found at: https://www.avantdata.com.br/csirt.

2. Contact Information

2.1 Team name

English name:
CSIRT AvantSec - Computer Security Incident Response Team AvantSec.

 
2.2 Address

AvantSec
SMAS 3, set 3 - block D, rooms 6 and 8 - Ground Floor - Guará, Brasília - DF, 71215-300

2.3 Time zone

AvantSec is located in Brasília, Brazil, UTC-3.

2.4 Telephone

Not applicable. Incident notifications will only be accepted via email.

2.5 Fax number

Not applicable.

2.6 Other telephone contacts

Not applicable.

2.7 Email address

Contact with the team must be made via csirt@avantsec.com.br.

2.8 Public keys and encryption information

The CSIRT AvantSec PGP key is valid for one year and is generated in February. The key can be found here.

 

2.9 Team Members

No public information about CSIRT AvantSec members will be provided.

2.10 Other information

For more information on how to contact AvantSec:
https://www.avantdata.com.br/.

2.11 Points of customer contact

To contact CSIRT AvantSec about incidents relating to the infrastructure and products offered, send an email to <csirt@avantsec.com.br>.

AvantSec operates from Monday to Friday from 09:00 to 18:00, UTC-3.

3. Charter

3.1 Mission statement

The CSIRT AvantSec Cyber Incident Response Team has been established in view of the need to respond to cyber incidents relating to AvantSec's infrastructure, as well as to CSIRT services provided to external customers through one of the following offers:

  1. AvantData for CSIRT;

  2. AvantData for MDR;

  3. AvantData for SOC.

3.2 Constituency

The constituency comprises AvantSec infrastructure, as well as CSIRT services provided to external customers through one of the following offers:

  1. AvantData for CSIRT;

  2. AvantData for MDR;

  3. AvantData for SOC.

AvantSec analyzes, coordinates and responds to incidents related to its infrastructure and all the products it offers.

3.3 Sponsorship and/or affiliation

Not applicable.

3.4 Authority

CSIRT AvantSec operates under the authority of the AvantSec board of directors.

4. Guidelines

4.1 Types of incidents and level of support

CSIRT AvantSec is authorized to address all types of security incidents related to its constituency, including its internal infrastructure and products from the AvantSec portfolio.

The level of support will vary depending on the type of incident, priority and severity of the data involved. However, in all cases, a response will be sent within 2 (two) business days.

4.2 Cooperation, interaction and disclosure of information

CSIRT AvantSec considers all information received to be confidential.

Information that is needed by other CSIRTs or external teams will be exchanged based on a “need-to-know” policy.

No personal information will be exchanged unless explicitly authorized.

4.3 Communication and authentication

CSIRT AvantSec only accepts data and information sent by email.

Unencrypted emails will not be considered secure; however, they will be sufficient for transmitting data that is not considered sensitive.

5. Services

5.1 Incident response

CSIRT AvantSec will provide assistance to internal teams when dealing with the technical and organizational aspects of cyber incidents relating to the infrastructure and products offered by AvantSec.

5.1.1. Incident triage

CSIRT AvantSec will assist in validating incidents, as well as in evaluating them, prioritizing tasks and defining their extent.

5.1.2. Incident coordination

During coordination, CSIRT AvantSec is responsible for:

  • Determining the initial cause of the incident

  • Facilitating contact between those involved

  • Contacting law enforcement or the police

  • Writing announcements for users and the general public

  • Ensuring adequate sharing of threat information, aiming at protective measures.

5.1.3. Incident resolution

In relation to the resolution of security incidents, CSIRT AvantSec is responsible for:

  • Helping remove the vulnerability

  • Helping contain the damage

  • Collecting evidence of the incident

  • Helping secure systems from the effects of the incident.

5.2 Proactive activities

Services offered by CSIRT AvantSec:

  • Incident monitoring

  • Vulnerability testing

  • Training

  • Threat detection development and engineering

6. Incident Report Forms

There are no forms available. Please see section 2.7.

7. Legal notice

Every precaution is taken when preparing information and notifications; however, CSIRT AvantSec assumes no responsibility for errors or omissions or for damages arising from the use of the information made available.
 

 Copyright AvantData 2023. All rights reserved
