Jogja PGCSIRT RFC 2350
This document contains a description of Jogja PGCSIRT according to RFC 2350. It provides basic information about the Jogja PGCSIRT, the ways it can be contacted, describes its responsibilities and the services offered.
1.1. Date of Last Update
This is version 0.91 as of 07/03/2016. Indonesia date format is DD/MM/YYYY.
1.2. Distribution List for Notifications
There is no distribution list for notifications as of 01/04/2014.
1.3. Locations where this Document May Be Found
The current version of this document can always be found at:
For validation purpose, GPG signed ASCII version of this document is located at:
The key used for signing is the Jogja PGCSIRT key as listed under section “2.8. Public Keys and Encryption Information”.
2. Contact Information
2.1. Name of the Team
Jogja PGCSIRT – Jogjakarta Provincial Government Computer Security Incident Response Team
Bidang MI, Gedung Unit 7 Lantai 2,
Kompleks Kepatihan, Danurejan, Yogyakarta
2.3. Time Zone
We are located in Asia, Jakarta – Indonesia Western Time that is GMT+07:00. No daylight saving time.
2.4. Telephone Number
+62 274 563543
2.5. Facsimile Number
+62 274 563543
2.6. Other Telecommunication
No other telecommunication method.
2.7. Electronic Mail Address
Please send incident related reports to pgcsirt [at] jogjaprov.go.id
2.8. Public Keys and Encryption Information
Jogja PGCSIRT uses a master-signing key to sign all keys used for operational purposes. This trust anchor is:
—–BEGIN PGP PUBLIC KEY BLOCK—–
Version: GnuPG v2
Comment: A revocation certificate should follow
—–END PGP PUBLIC KEY BLOCK—–
Encrypted communications with Jogja PGCSIRT should use this – and only this – operational key.
2.9. Team Structure and Members
Next diagram shows the organization structure and members of Jogja PGCSIRT
2.10. Other Information
2.11. Points of Customer Contact
Preferred method to contact Jpgja PGCSIRT is through e-mail. For incident reports and related issues, please directly use the address shown in “2.7 Electronic Mail Address”. This procedure creates a ticket number in our tracking system and alerts officer on duty.
If it is not possible – or advisable due to security reasons – to use e-mail, you can contact or reach us through fixed line – telephone shown in “2.4 Telephone Number”.
Jogja PGCSIRT’s operation is generally restricted to regular business hours:
Monday through Thursday: From 7:30 a.m. To 4:00 p.m.
Friday: From 7:30 a.m. To 2:30 p.m.
GMT +07:00 Asia, Jakarta – Indonesia Western Time
Excluding national holidays.
3.1. Mission Statement
Jogja CSIRT is organized to:
(1) Be the center for recording, reporting and handling of computer incident in DI Yogyakarta.
(2) Establish the environment and scheme to decrease the damage of computer security incidents within the constituency.
The constituency consists of 46 departments which use local area network of provincial government of DI Yogyakarta. The 37 departments are:
Biro Tata Pemerintahan
Biro Administrasi Kesejahteraan Rakyat dan Kemasyarakatan
Biro Administrasi Perekonomian dan Sumberdaya Alam
Biro Administrasi Pembangunan
Biro Umum dan Protokol
Badan Perencanaan Pembangunan Daerah
Satuan Polisi Pamong Praja
Dinas Pertanahan dan Tata Ruang
Dinas Pendidikan, Pemuda dan Olah Raga
Dinas Pekerjaan Umum, Perumahan dan Energi Sumber Daya Mineral
Dinas Pendapatan, Pengelolaan Keuangan dan Aset
Dinas Tenaga Kerja dan Transmigrasi
Dinas Kehutanan dan Perkebunan
Dinas Kelautan dan Perikanan
Dinas Perindustrian dan Perdagangan
Dinas Koperasi, Usaha Mikro, Kecil dan Menengah
Dinas Komunikasi dan Informatika
Badan Kepegawaian Daerah
Badan Pendidikan dan Pelatihan
Badan Perpustakaan dan Arsip Daerah
Badan Pemberdayaan Perempuan dan Masyarakat
Badan Kerjasama dan Penanaman Modal
Badan Lingkungan Hidup
Badan Ketahanan Pangan dan Penyuluhan
Badan Kesatuan Bangsa dan Politik
Rumah Sakit Jiwa Grhasia
Rumah Sakit Paru Respira
Badan Penanggulangan Bencana Daerah
Sekretariat Parampara Praja
Kantor Perwakilan Daerah
Kantor Pelayanan Perizinan Terpadu Satu Pintu
Sekretariat Komisi Pemilihan Umum
Badan Narkotika Nasional Provinsi
Sekretariat Badan Pengawas Pemilihan Umum DIY
3.3. Sponsors and/or Affiliation
Jogja PGCSIRT is implemented in a department “Dinas Komunikasi Dan Informatika” and it’s fully funded by Provincial Government of DI Yogyakarta.
The authority of Jogja PGCSIRT is shared with the constituency, taking with them the necessary decision and actions to fulfill Jogja PGCSIRT’s mission.
4.1. Types of Incidents and Level of Support
Jogja PGCSIRT is authorized to address all types of cyber security related incidents which occurs at its constituency. Jogja PGCSIRT may act upon requests of one of its constituents or may act if one of its constituents is involved in a cyber-security related incident. The incidents are prioritized according to their apparent severity and extent. The relative severity of incidents is assessed at Jogja PGCSIRT’s discretion.
Note that no direct support is given to end users; they are expected to contact their system administrator, department’s IT administrator, or department head for assistance. The Jogja PGCSIRT supports the latter people.
4.2. Co-operations, Interaction and Disclosure of Information
Jogja PGCSIRT cooperates with other organizations in the field of cyber security and Internet infrastructure. And in some cases, Jogja PGCISRT requests technical support for incident’s forensic to id-SIRTII/CC (as the National CSIRT/CC of Indonesia) or GovCSIRT under KOMINFO (Ministry of Communication and Information Technology). Those engagements often require data or information exchange regarding to incident and issue. Nevertheless Jogja PGCSIRT committed to protect privacy of its constituency and therefore (under normal circumstances) only pass on limited and anonymized information to others party, unless some contractual agreements apply, for example Non-Disclosure Agreement (NDA).
We operate under restrictions imposed by applicable Indonesian law regarding to information classifications and protection. This involves handling procedures of personal data as required by Indonesian Data Protection law, but it is may be forced to disclose such information due to LEA investigation or by court’s order.
4.3. Communications and Authentication
For usual communication, not containing sensitive information, Jogja PGCSIRT uses conventional methods like unencrypted e-mail. For secure communication PGP-Encrypted e-mail or telephone/fax is used.
5.1. Reactive Services
These services are offered in reaction to an occurring incident, be it detected by Jogja PGCSIRT or a constituency’s members.
5.1.1. Alerts and Warnings
Jogja PGCSIRT provides its constituency with information about ongoing attacks, security vulnerabilities, alerts in the general sense, and short-term recommended actions for dealing with the resulting problems
5.1.2. Incident Handling
Jogja PGCSIRT assists its constituency in handling the technical and organizational aspects of incidents. In particular, it provides assistance or advice with respect to the following aspects of incident handling
Triage (Incident analysis and prioritization)
– Determining whether an incident and the reporter are authentic.
– Assessing related information and prioritizing the incident.
Incident response support
Jogja PGCSIRT assists and guides the victim(s) of the attack in recovering from an incident over the phone, email or fax. This can involve followings.
– Technical assistance in the interpretation of data collected
– Providing contact information, or
– Replying guidance on workaround and recovery strategies.
Incident response on site
In some cases, Jogja PGCSIRT provides direct, on-site assistance to help constituents recover from an incident. The Jogja PGCSIRT itself physically analyzes the affected systems and assit the repair and recovery of the systems, instead of only providing incident response support by telephone or email.
Incident response coordination
This includes followings.
– If possible, determining the initial cause of the incident (vulnerability exploited)
– Request for technical support to id-SIRTII/CC or GovCSIRT, if necessary
– Facilitating contact with other sites which may be involved
– Facilitating contact with appropriate law enforcement officials, if necessary
– Exchange information with other CSIRTs
– Composing notification to users, if applicable
5.2. Proactive Services
These services aim to prevent incidents from happening and reduce their impact when they occur. They focus on medium- to long-term issues.
This includes followings.
- Intrusion alert
- Vulnerability warnings
- Security advisories
These announcements inform constituents about new threats with medium- to long-term impact, such as newly found vulnerabilities or intruder tools. Announcements enable constituents to protect their systems and networks against newly found problems before they can be exploited.
5.2.2. Technology Watch
Jogja PGCSIRT monitors and observes new technical developments, intruder activities, and related trends to help identification of future threats.
5.2.3. Configuration and Maintenance of Security Tools, Applications and Infrastructures
Jogja PGCSIRT configures and keeps maintaining Security Tools, Applications and Infrastructures not to cause the interruption of service provision.
6. Incident Reporting Forms
If possible, please make use of our Incident Reporting Form. Current version is available from:
While every precaution will be taken in the preparation of (those) information, alerts and notifications, Id-SIRTII/CC assumes will not take any responsibility for errors, omissions or damages resulting from the use of the information contained within.