RFC2350

Jogja PGCSIRT RFC 2350

  1. Document Information

This document contains a description of Jogja PGCSIRT according to RFC 2350. It provides basic information about the Jogja PGCSIRT, the ways it can be contacted, describes its responsibilities and the services offered.

1.1. Date of Last Update

This is version 0.91 as of 07/03/2016. Indonesia date format is DD/MM/YYYY.

1.2. Distribution List for Notifications

There is no distribution list for notifications as of 01/04/2014.

1.3. Locations where this Document May Be Found

The current version of this document can always be found at:

http://pgcsirt.jogjaprov.go.id/rfc-2350/

For validation purpose, GPG signed ASCII version of this document is located at:

http://pgcsirt.jogjaprov.go.id/pgp-public-key/

The key used for signing is the Jogja PGCSIRT key as listed under section “2.8. Public Keys and Encryption Information”.

2. Contact Information

2.1. Name of the Team

Jogja PGCSIRT – Jogjakarta Provincial Government Computer Security Incident Response Team

2.2. Address

Bidang MI, Gedung Unit 7 Lantai 2,

Kompleks Kepatihan, Danurejan, Yogyakarta

2.3. Time Zone

We are located in Asia, Jakarta – Indonesia Western Time that is GMT+07:00. No daylight saving time.

2.4. Telephone Number

+62 274 563543

2.5. Facsimile Number

+62 274 563543

2.6. Other Telecommunication

No other telecommunication method.

2.7. Electronic Mail Address

Please send incident related reports to pgcsirt [at] jogjaprov.go.id

2.8. Public Keys and Encryption Information

Jogja PGCSIRT uses a master-signing key to sign all keys used for operational purposes. This trust anchor is:

—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v2
Comment: A revocation certificate should follow

iQIfBCABCAAJBQJWFJZTAh0CAAoJENq5FwXIJK9EOngP/1Zs7wZ3J1R1nS8WVmkf
tiWclm9cRSKeRgjTkWobdUSgUfVQFbKNvsLzlilgQcv52/CdVqQiI5GbYLXSuBmZ
HBsoxRRf3KE29iSpCzzzNtCfqzWJcVAFRpmRAc9q8W83JhjTYcpbYVo1xCu//VAI
cUBqMqZOkOStb04zD+RgejBkqoXa3IiCo4VCWOr2t2mNcUnFyeXiWPf9hA3ssSVc
4TSsOlYi4yHUAdcXw9OF5FXuL1NhGlRGPBT5tgmr7V30RxGtTTctDyDCn6AigDK+
hlLobNE7KvOhqPku8fq9eBC7dkttynF9XJhpFrNXKhkko8tcmTOC7MK2PHX6237a
tbRn2Ghm4mT+zqOeBi81NzodrmYKMn6+PnJ8fOSQkIIXOPIWxggOzfkNQDTTYqVS
ruFj5KnwC3BgX5O4zFI+gw0q5p7pkDTlz4ZWVcyeyx5lsVzbzXOJUWNx36f5XsuZ
3UYqSuZgmk6G7r3rqnPbWxWycnAd/Y7R/6f6AaitIJST1XQEzj8A1x64FVb3fLIe
ELcHxUW21HdqmYH4oSUyZKx2s/qr5vCZ8HuZjQzEHvyyDQqjuznhmR754WqE5SeP
AW1GdE4ZxwUlhAUoIDZOPH8YzeeMqNZVv90yQCdFdmqZSsRxuY8qwumFk4E04Wzx
zgWGtOqW1T6ukgvbaqN32CB/
=4vtG
—–END PGP PUBLIC KEY BLOCK—–

Encrypted communications with Jogja PGCSIRT should use this – and only this – operational key.

2.9. Team Structure and Members

Next diagram shows the organization structure and members of Jogja PGCSIRT

member-eng

2.10. Other Information

None

2.11. Points of Customer Contact

Preferred method to contact Jpgja PGCSIRT is through e-mail. For incident reports and related issues, please directly use the address shown in “2.7 Electronic Mail Address”. This procedure creates a ticket number in our tracking system and alerts officer on duty.

If it is not possible – or advisable due to security reasons – to use e-mail, you can contact or reach us through fixed line – telephone shown in “2.4 Telephone Number”.

Jogja PGCSIRT’s operation is generally restricted to regular business hours:

Monday through Thursday: From 7:30 a.m. To 4:00 p.m.

Friday: From 7:30 a.m. To 2:30 p.m.

GMT +07:00 Asia, Jakarta – Indonesia Western Time

Excluding national holidays.

3. Charter

3.1. Mission Statement

Jogja CSIRT is organized to:

(1) Be the center for recording, reporting and handling of computer incident in DI Yogyakarta.

(2) Establish the environment and scheme to decrease the damage of computer security incidents within the constituency.

3.2. Constituency

The constituency consists of 46 departments which use local area network of provincial government of DI Yogyakarta. The 37 departments are:

Sekretariat Daerah
Biro Tata Pemerintahan
Biro Hukum
Biro Administrasi Kesejahteraan Rakyat dan Kemasyarakatan
Biro Administrasi Perekonomian dan Sumberdaya Alam
Biro Administrasi Pembangunan
Biro Organisasi
Biro Umum dan Protokol
Asisten Keistimewaan
Sekretariat DPRD
Badan Perencanaan Pembangunan Daerah
Inspektorat
Satuan Polisi Pamong Praja
Dinas Kebudayaan
Dinas Pertanahan dan Tata Ruang
Dinas Pendidikan, Pemuda dan Olah Raga
Dinas Kesehatan
Dinas Sosial
Dinas Perhubungan
Dinas Pekerjaan Umum, Perumahan dan Energi Sumber Daya Mineral
Dinas Pendapatan, Pengelolaan Keuangan dan Aset
Dinas Tenaga Kerja dan Transmigrasi
Dinas Pariwisata
Dinas Pertanian
Dinas Kehutanan dan Perkebunan
Dinas Kelautan dan Perikanan
Dinas Perindustrian dan Perdagangan
Dinas Koperasi, Usaha Mikro, Kecil dan Menengah
Dinas Komunikasi dan Informatika
Badan Kepegawaian Daerah
Badan Pendidikan dan Pelatihan
Badan Perpustakaan dan Arsip Daerah
Badan Pemberdayaan Perempuan dan Masyarakat
Badan Kerjasama dan Penanaman Modal
Badan Lingkungan Hidup
Badan Ketahanan Pangan dan Penyuluhan
Badan Kesatuan Bangsa dan Politik
Rumah Sakit Jiwa Grhasia
Rumah Sakit Paru Respira
Badan Penanggulangan Bencana Daerah
Sekretariat Parampara Praja
Kantor Perwakilan Daerah
Kantor Pelayanan Perizinan Terpadu Satu Pintu
Sekretariat Komisi Pemilihan Umum
Badan Narkotika Nasional Provinsi
Sekretariat Badan Pengawas Pemilihan Umum DIY

 

3.3. Sponsors and/or Affiliation

Jogja PGCSIRT is implemented in a department “Dinas Komunikasi Dan Informatika” and it’s fully funded by Provincial Government of DI Yogyakarta.

3.4. Authority

The authority of Jogja PGCSIRT is shared with the constituency, taking with them the necessary decision and actions to fulfill Jogja PGCSIRT’s mission.

4. Policies

4.1. Types of Incidents and Level of Support

Jogja PGCSIRT is authorized to address all types of cyber security related incidents which occurs at its constituency. Jogja PGCSIRT may act upon requests of one of its constituents or may act if one of its constituents is involved in a cyber-security related incident. The incidents are prioritized according to their apparent severity and extent. The relative severity of incidents is assessed at Jogja PGCSIRT’s discretion.

Note that no direct support is given to end users; they are expected to contact their system administrator, department’s IT administrator, or department head for assistance. The Jogja PGCSIRT supports the latter people.

4.2. Co-operations, Interaction and Disclosure of Information

Jogja PGCSIRT cooperates with other organizations in the field of cyber security and Internet infrastructure. And in some cases, Jogja PGCISRT requests technical support for incident’s forensic to id-SIRTII/CC (as the National CSIRT/CC of Indonesia) or GovCSIRT under KOMINFO (Ministry of Communication and Information Technology). Those engagements often require data or information exchange regarding to incident and issue. Nevertheless Jogja PGCSIRT committed to protect privacy of its constituency and therefore (under normal circumstances) only pass on limited and anonymized information to others party, unless some contractual agreements apply, for example Non-Disclosure Agreement (NDA).

We operate under restrictions imposed by applicable Indonesian law regarding to information classifications and protection. This involves handling procedures of personal data as required by Indonesian Data Protection law, but it is may be forced to disclose such information due to LEA investigation or by court’s order.

4.3. Communications and Authentication

For usual communication, not containing sensitive information, Jogja PGCSIRT uses conventional methods like unencrypted e-mail. For secure communication PGP-Encrypted e-mail or telephone/fax is used.

5. Services

5.1. Reactive Services

These services are offered in reaction to an occurring incident, be it detected by Jogja PGCSIRT or a constituency’s members.

5.1.1. Alerts and Warnings

Jogja PGCSIRT provides its constituency with information about ongoing attacks, security vulnerabilities, alerts in the general sense, and short-term recommended actions for dealing with the resulting problems

5.1.2. Incident Handling

Jogja PGCSIRT assists its constituency in handling the technical and organizational aspects of incidents. In particular, it provides assistance or advice with respect to the following aspects of incident handling

Triage (Incident analysis and prioritization)

– Determining whether an incident and the reporter are authentic.

– Assessing related information and prioritizing the incident.

Incident response support

Jogja PGCSIRT assists and guides the victim(s) of the attack in recovering from an incident over the phone, email or fax. This can involve followings.

– Technical assistance in the interpretation of data collected

– Providing contact information, or

– Replying guidance on workaround and recovery strategies.

Incident response on site

In some cases, Jogja PGCSIRT provides direct, on-site assistance to help constituents recover from an incident. The Jogja PGCSIRT itself physically analyzes the affected systems and assit the repair and recovery of the systems, instead of only providing incident response support by telephone or email.

Incident response coordination

This includes followings.

– If possible, determining the initial cause of the incident (vulnerability exploited)

– Request for technical support to id-SIRTII/CC or GovCSIRT, if necessary

– Facilitating contact with other sites which may be involved

– Facilitating contact with appropriate law enforcement officials, if necessary

– Exchange information with other CSIRTs

– Composing notification to users, if applicable

5.2. Proactive Services

These services aim to prevent incidents from happening and reduce their impact when they occur. They focus on medium- to long-term issues.

5.2.1. Announcements

This includes followings.

  • Intrusion alert
  • Vulnerability warnings
  • Security advisories

These announcements inform constituents about new threats with medium- to long-term impact, such as newly found vulnerabilities or intruder tools. Announcements enable constituents to protect their systems and networks against newly found problems before they can be exploited.

5.2.2. Technology Watch

Jogja PGCSIRT monitors and observes new technical developments, intruder activities, and related trends to help identification of future threats.

5.2.3. Configuration and Maintenance of Security Tools, Applications and Infrastructures

Jogja PGCSIRT configures and keeps maintaining Security Tools, Applications and Infrastructures not to cause the interruption of service provision.

6. Incident Reporting Forms

If possible, please make use of our Incident Reporting Form. Current version is available from:

http://pgcsirt.jogjaprov.go.id/pelaporan-insiden-3/

7. Disclaimers

While every precaution will be taken in the preparation of (those) information, alerts and notifications, Id-SIRTII/CC assumes will not take any responsibility for errors, omissions or damages resulting from the use of the information contained within.