1. About this document 1.1. Date of the last update. This is version 1.1, published on 20/07/2021. 1.2. Notification Distribution List. Currently, NSOC NASK SA does not use any distribution lists to notify changes to this document. 1.3. Places where this document can be found. The current version of this document describing the NSOC of NASK SA is available on the NASK SA website; its URL is https://nasksa.pl Please make sure you are using the latest version. 1.4. Authentication of this document. This document has been signed by the PGP key of NASK SA. The signature can also be found on our website at: https://nasksa.pl 2. Contact details 2.1. Team name NSOC NASK SA 2.2. Address NASK SA 11 Listopada 23 03-446 Warsaw Poland 2.3. Time zone Central European Time (GMT+0100, GMT+0200 from April to October) 2.4. Phone number +48 22 380 81 82 2.5. Fax +48 22 448 14 18 2.6. Other methods of communication Not available 2.7. Email address 2.8. Public keys and other encryption information NASK SA has a PGP key whose KeyID is 0fad 6b5f and finger-print cbdf46e6069c2d2aa5701cdcce4e672c0fad6b5f 2.9. Other information General information about NASK SA's NSOC, as well as links to various recommended security resources, can be found at: https://www.nasksa.pl NASK SA uses the following Facebook page to publish news about current activities: https://www.facebook.com/NASKSAPL/. NASK SA publishes brief news of current events at: https://twitter.com/nasksapl. 2.10. Contact points for customers The preferred method of contacting NASK SA's NSOC is emailing to ; the responsible operator handles the emails sent to this address. We encourage customers to use PGP encryption when sending any information sensitive to NASK SA. If email is not possible, the NASK SA NSOC can be contacted by telephone. NSOC NASK SA operates 24 hours a day. 3. Articles of association 3.1. The mission of the organisation The mission of NSOC NASK SA is to identify, analyse and mitigate threats targeting Polish Internet users. As an essential part of the national cyber security system, NSOC NASK SA contributes to cyber security at the national level. 3.2. Area of operation The area of activity of NSOC NASK SA covers all the users of NASK SA telecom systems and networks, including its subsidiaries and other external entities, using the network infrastructure and service platforms of NASK SA, for which services are provided. 3.3. Funding and/or affiliation NSOC NASK SA is financially maintained by NASK SA. 3.4. Authority NSOC NASK SA operates under the auspices and supervision delegated by the management of the Security Services Department of NASK SA. 4. Terms and conditions 4.1. Types of incidents and level of support NSOC NAKS SA is authorised to resolve all types of computer and network security incidents that may occur in NASK SA (within the scope of services provided). NSOC NAKS SA prioritises incidents according to their severity, scope and significance. Incidents are handled according to priority. The level of support provided by NSOC NAKS SA varies depending on the severity and type of problem and other circumstances relevant to the case. 4.2. Cooperation, interaction and disclosure of information All information received by NSOC NAKS SA regarding the handling of cyber security incidents is treated as confidential and used solely to resolve incidents and prevent further incidents. Sensitive information (personal data, system configurations) or harmful is processed securely and encrypted if transmitted in a non-secure environment. Information provided to NSOC NAKS SA may be sent to interested parties, such as other CERT teams, administrators of affected resources, on a "need to know" basis, for incident handling purposes only (to the extent necessary to identify and mitigate the threat). No personal data shall be exchanged unless unless with express authorisation. NSOC NAKS SA does not report incidents to law enforcement authorities unless required by national law. However, CERT Orange Polska cooperates with law enforcement agencies only during the official investigation (we can provide information upon their request). 4.3. Communication and authentication NSOC NAKS SA is obliged to comply with the regulations and rules in Poland and EU processing of confidential information. All email communication should be marked using TLP standards. Low sensitivity data can be sent via unencrypted email. However, this is not considered secure. PGP encryption is recommended, especially for sensitive data. 5. Services 5.1. Incident detection and analysis Determining the authenticity of an incident Determining the root cause of the incident Determining the appropriate response Assessing the severity of the incident 5.2. Risk mitigation and recovery plans Preparation of a remediation strategy post factum Preparation of recommendations for security improvements for system administrators Develop procedures for handling different types of cybersecurity incidents 5.3. Incident assessment Correlation of incidents based on collected data The continuous search for ways to improve team performance Creation of reports 5.4. Incident prevention Coordination of responses to threats Collection of data on security threats and known indicators of security breaches from various sources Observation of current technological and security threats Development and enhancement of existing security tools and mechanisms to continually improve security 5.5. Proactive measures Co-creation of new threat announcements for their clients Training and other activities (such as simulations of actual incidents) to improve team performance 6. Incident reporting Reporting incidents Security incidents should be reported via an encrypted email to SOC@nasksa.pl. 7. Disclaimer Although every precaution is taken in the preparation of the information, notices and alerts, NSOC NASK SA (as well as NASK SA) is not responsible for errors or omissions or damages resulting from the use of the information contained therein.