A Equipe de Resposta e Tratamento de Incidentes de Segurança da Informação (Computer Security Incident Response Team - CSIRT Inter) é responsável por receber, analisar, processar e responder os incidentes de segurança envolvendo o Grupo Inter.
O CSIRT atua na detecção, análise, resposta e prevenção de incidentes de segurança, além de contribuir para o esforço nacional de cibersegurança no âmbito da Rede Nacional de CSIRT.
CSIRT Inter RFC 2350Version: 1.0Data: June 29, 2021EN | PT
1. Document Information
This document contains a description of CSIRT Inter according to RFC 2350.
1.1 Date of Last UpdateJune 29, 2021
1.2 Distribution List for Notifications
There is no distribution list for notifications of new versions of this document.
1.3 Locations Where This Document May Be Found
The current version of this document can be found at (bancointer.com.br/seguranca/csirt/rfc2350)
For validation purposes, a GPG signed ASCII version of this document is located at marketing.bancointer.com.br/arquivos/seguranca/rfc2350
The key used for signing is the CSIRT Inter key as listed under 2.8.
2. Contact Information
2.1 Name of the Team
Name in English:
CSIRT - Computer Emergency Response Team in Banco Inter
Name in Portuguese:
CSIRT – Grupo de Resposta a Incidentes de Segurança no Banco Inter
2.2 AddressCSIRT Inter
Av. Barbacena, 1219, Santo Agostinho
Belo Horizonte | MG | CEP 30190-131 |
2.3 Time zone
CSIRT inter is in Belo Horizonte, Minas Gerais, Brazil, UTC-0300.
2.4 Telephone numberNot applicable
2.5 Facsimile numberNot applicable.
2.6 Other telecommunicationNot applicable.
2.7 Electronic mail address
Incident reports should be sent to email@example.com
2.8 Public keys and encryption information
CSIRT Inter PGP Key has annual validity and the year's key is generated in June. The Key information can be found at:marketing.bancointer.com.br/arquivos/seguranca/pgp
2.9 Team members
No public information is provided about CSIRT members.
2.10 Other information
For additional information about how to contact CSIRT Inter see:bancointer.com.br/seguranca/csirt
CSIRT Inter is a CERT.br member, details athttps://www.cert.br/csirts/brasil/
2.11 Points of customer contact
To contact CSIRT Inter regarding security incidents related to Inter Bank networks send an email to firstname.lastname@example.org.
CSIRT operates from Monday through Friday, from 09:00h to 18:00h, UTC-0300.
3.1 Mission statement
To increase the level of security and incident handling capacity of the security information in inter bank
CSIRT Inter provides incident analysis and coordination for any incident security information that uses Internet Resources allocated by Inter Bank
CSIRT Inter will always try to coordinated with more specific Brazilian CSIRTs and Security Teams. If none is available, it will do its best to locate the Autonomous System Responsible party.
Educational material is provided for the general public at these addresses: bancointer.com.br/seguranca/
3.3 Sponsorship and/or affiliation
Banco Inter, an institution authorized to operate by the Central Bank of Brazil, and has responsible for complying with its regulations. CSIRT Inter is responsible for responding on the Institution's Incident Action and Response Plan, pursuant to CMN Resolution No. 4,893Reference
RESOLUÇÃO CMN Nº 4.893, DE 26 DE FEVEREIRO DE 2021
CSIRT Inter has no authority over its constituency, all activities are based on collaborative relationships with other entities.
4.1 Types of incidents and level of support
CSIRT Inter provides a focal point for incident notification in the country, providing the coordination and necessary support for organizations involved in incidents, including:
- Support in the analysis of compromised systems and in their recovery process;
- Establish collaborative relationships with other entities, such as other CSIRTs, universities, Internet service and access providers and telecommunication companies;
- Maintain public statistics of incidents handled and spam complaints received.
4.2 Co-operation, interaction and disclosure of information
CSIRT Inter treats all information as confidential by default but will use the information shared to help solve security incidents. Information might be distributed forward to other teams/organizations on a need-to-know basis. Information will be anonymised whenever it is feasible.
CSIRT Inter adheres to the Information Sharing Traffic Light Protocol according to the FIRST Standard Definitions and Usage Guidance: https://www.first.org/tlp/. Information that is labelled with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.
4.3 Communication and authentication
For normal communication not containing sensitive information CSIRT Inter uses conventional methods like unencrypted e-mail. Please refer to sections 2.7 and 2.8. For sensitive information, the use of PGP encryption is strongly encouraged. If it is necessary to authenticate a person before communicating, this can be done by other methods like call-back, mail-back or even face-to-face meeting if necessary.
5.1 Incident response
CSIRT Inter will provide assistance to other teams in handling the technical and organizational aspects of incidents.
5.1.1. Incident triage
CSIRT Inter will help to validate the incident, as well as to assess it and prioritise it.
5.1.2. Incident coordination
CSIRT Inter encourages all teams to directly contact the most specific CSIRT or security team as possible.CSIRT Inter will then:
- Determine if all involved organizations where contacted and if any additional contact needs to be made;
- Facilitate contact to other parties which can help resolve the incident;
- If any help is needed, it will contact the involved organizations to help them to take the appropriate steps.
The most valuable service we can provide is to act as an information hub, which knows where to send the right incident reports to in order to help and facilitate the resolution of security incidents.
Due to staffing levels we can not guarantee we can reply to all incident reports received. If the report was already sent to the best possible contacts, CSIRT Inter will record the incident for statistical purposes, but it might not send any reply. If you haven't received any feedback to a report and need any action by CSIRT Inter staff, please contact us again, clearly stating the type of help needed.
Auto-generated reports and data-feeds will be handled as automatically as possible.
5.1.3. Incident resolution
As CSIRT Inter is a coordinating team, this means we do not have any authority to enforce the request of takedowns, shutdowns or any other specific action. To the best of our ability we will:
- Advise local security teams and system administrator on appropriate actions;
- Identify any new type of incident that could require the dissemination of best practices for prevention of future incidents;
5.2 Proactive activities
CSIRT Inter has several activities which aim to help our constituency to prevent as well as better handle computer security incidents:
- Raise security awareness in its constituency;
- Provide formal training in incident management;
- Observe current trends in technology;
- Aggregate, validate and redistribute data-feeds;
- Transfer relevant knowledge to the constituency, through best practices documents, presentations and training;
- Provide fora for community building and information exchange within the constituency;
- Collect contact information of local security teams.
6. Incident reporting forms
There are no forms available. Please refer to section 2.7.
While every precaution is taken in the preparation of information and notifications, CSIRT Inter assumes no responsibility for errors or omissions, or for damages resulting from the use of the information provided.