-----BEGIN PGP SIGNED MESSAGE-----
1. Document Information
This document describes Sport Lisboa e Benfica's Information Security Incident Response coordination service according to RFC 2350.
1.1 Date of Last Update
Version 2, last updated on 21/09/2020.
1.2 Distribution List for Notifications
There is no distribution channel to notify changes to this document.
1.3 Document Location
The updated version of this document is available at https://www.slbenfica.pt/en-us/csirt/
1.4 Authentication of this Document
This document is signed with the Benfica CSIRT PGP key.
2. Contact informationo
2.1 Name of the Team
Estádio do Sport Lisboa e Benfica – Porta 18
Av. Eusébio da Silva Ferreira 1500-313 LISBOA, PORTUGAL
2.3 Time Zone
Portugal/WEST (GMT+0, GMT+1 Summer Time)
2.4 Telephone Number
+351 217 219 500
2.5 Other Telecomunications
2.6 Email Address The email address for notification of security incidents is email@example.com.
2.7 Public Keys and Other Encryption Information
PGP Key ID: 3879B353
PGP Fingerprint: B961 3E1D B44E 7DCF 7F58 29E7 937E A696 3879 B353
The key is available at: https://pgp.circl.lu/pks/lookup?op=vindex&fingerprint=on&search=0x937EA6963879B353
2.9 Team Members
2.10 Other Information
More information about CSIRT SLB can be found at https://www.slbenfica.pt/pt-pt/csirt/.
2.11 Points of Customer Contact CSIRT SLB has the contacts listed in sections 2.2 and 2.4 to 2.7.
3.1 Mission Statement
Benfica CSIRT is responsible for monitoring, detecting and responding to information security incidents in the community served.
Forensic audits and security awareness are also the responsibility of Benfica CSIRT.
Benfica CSIRT is responsible for responding to information security incidents related to employees, assets and all domains of Sport Lisboa e Benfica, namely: Domain and subdomains slbenfica.pt, benficaplay.pt, museubenfica.pt, 126.96.36.199/32, 188.8.131.52/32, 184.108.40.206/29, 220.127.116.11/27, 18.104.22.168/27.
3.3 Sponsoring Organization / Affiliation
Benfica CSIRT is a team from Sport Lisboa e Benfica.
Benfica CSIRT is mandated by the CSSO (Chief Safety & Security Officer) of Sport Lisboa e Benfica.
4.1 Types of Incident and Levels of Support
Benfica CSIRT responds to all types of Information Security incidents, namely those that result in a security breach of the following types:
a) Malicious Code
c) Collection of Information
d) Intrusion Attempt
f) Information Security
h) Abusive Content
4.2 Cooperation, Interaction and Disclosure of Information
The internal policies of Sport Lisboa e Benfica provide that sensitive information can be passed on to third parties, solely and exclusively in case of need and with the prior and express authorization of the individual or entity to whom that information relates.
4.3 Communication and Authentication
From the communication channels provided by Benfica CSIRT, the phone and email unencrypted are considered sufficient for the transmission of non-sensitive information.
Sensitive data sent by email must be encrypted by the Benfica CSIRT PGP key.
5.1 Incident Response
Benfica CSIRT will assist in the technical and organizational details of security incidents. In particular, it will provide assistance and advice in coordinating incidents.
5.2 Incident Triage
Confirmation of the veracity of a reported Incident will determine its criticality and priority.
5.3 Incident Coordination
Identification of the root cause of the Security Incident, facilitating contact with third parties and judicial authorities.
Benfica CSIRT will also report to and collaborate with other national and international CSIRTs.
5.4 Incident Resolution Correction of vulnerabilities, removal of preventive measures and preservation of data collected during previous phases.
5.5 Proactive Activities
Benfica CSIRT performs the following activities:
Security Tools; Awareness, Education and Training; and Regular community alerts.
6. Incident Reporting Form
There are currently no forms available, the security incident reports must contain all relevant information relevant to the event and sent to the Benfica CSIRT email address.
Although all precautions are taken in the preparation of the information disclosed either on the Internet portal or via the website, Benfica CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of that information.
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCAAdFiEEuWE+HbROfc9/WCnnk36mljh5s1MFAl9oxxMACgkQk36mljh5 s1NHkgv5ARTZhX/QX5g3MSbVOFnLxPNYAWPX1hknskxsJChgE6TWPi3mRefxtKU6 EM9xd8PDAobT4w3gMxamrmr+0uBMzI1ysLt3VtGfIjnZp9bh3kGXIJ2LHnWLMeS5 w4YaB9L/UtOo8TBrLREj0FCb1j2sHTcaa4GFpZr+V1iYWvpuRJOvNjvzZ46uclC1 yfq7AQaSnqaBaF6pyoL0IMsevaYEq7rjfSMR5Kk09ko9CdGYlKSv8TfIiW7rb7dE PRR1WztMpNKw3tcr5DgGYkml/Q/yCK2dwBEIq48c68XQRkzKtMZvdob4adsHeXvB VJht59Zey9PXP+jP2oHzJ/eeDSqMAe2vrps7y5IT/AiEbhaEJjBzzrQIpkegJmaa WSSxgvnuAz0FzmVOBTvZpJ5ZNbU5teJY/pHoU51Oq0ypW4ftELUSY0Vrbl49Muof IKCollGpCO1MmMiK03c8aLBSZ/WXEizoJNr0g1ym5gF9dLB0KIT5AJ0dOF0UHNgU LaONO4aj
-----END PGP SIGNATURE-----