-----BEGIN PGP SIGNED MESSAGE-----
1. Document Information
This document describes Sport Lisboa e Benfica's Information Security Incident Response coordination service according to RFC 2350.
1.1 Date of Last Update
Version 3, last updated on 21/09/2021.
1.2 Distribution List for Notifications
Não existe um canal de distribuição para notificar alterações a este documento.
1.3 Document Location
The updated version of this document is available at https://www.slbenfica.pt/en-us/csirt/
1.4 Authentication of this Document
This document is signed with the Benfica CSIRT PGP key.
2. Contact informationo
2.1 Name of the Team
Estádio do Sport Lisboa e Benfica – Porta 18
Av. Eusébio da Silva Ferreira 1500-313 LISBOA, PORTUGAL
2.3 Time Zone
Portugal/WEST (GMT+0, GMT+1 Summer Time)
2.4 Telephone Number
+351 217 219 504
2.5 Other Telecomunications
2.6 Email Address The email address for notification of security incidents is email@example.com.
2.7 Public Keys and Other Encryption Information
PGP Key ID: 3879B353
PGP Fingerprint: B961 3E1D B44E 7DCF 7F58 29E7 937E A696 3879 B353
The key is available at: ttps://pgp.circl.lu/pks/lookup?op=vindex&fingerprint=on&search=0x937EA6963879B353
2.9 Team Members
2.10 Other Information
More information about CSIRT SLB can be found at https://www.slbenfica.pt/en-us/csirt/.
2.11 Points of Customer Contact CSIRT SLB has the contacts listed in sections 2.2 and 2.4 to 2.7.
3.1 Mission Statement
Benfica CSIRT is responsible for monitoring, detecting and responding to information security incidents in the community served.
Forensic audits and security awareness are also the responsibility of Benfica CSIRT.
Benfica CSIRT is responsible for responding to information security incidents related to employees, assets and all domains of Sport Lisboa e Benfica, namely:
Domain and subdomains slbenfica.pt, benficaplay.pt, museubenfica.pt, 184.108.40.206/32, 220.127.116.11/32, 18.104.22.168/29, 22.214.171.124/27, 126.96.36.199/27.
3.3 Sponsoring Organization / Affiliation
Benfica CSIRT is a team from Sport Lisboa e Benfica.
Benfica CSIRT is mandated by the CSSO (Chief Safety & Security Officer) of Sport Lisboa e Benfica.
4.1 Types of Incident and Levels of Support
Benfica CSIRT responds to all types of Information Security incidents, namely those that result in a security breach of the following types:
a) Malicious Code
c) Collection of Information
d) Intrusion Attempt
f) Information Security
h) Abusive Content
4.2 Cooperation, Interaction and Disclosure of Information
The internal policies of Sport Lisboa e Benfica provide that sensitive information can be passed on to third parties, solely and exclusively in case of need and with the prior and express authorization of the individual or entity to whom that information relates.
4.3 Communication and Authentication
From the communication channels provided by Benfica CSIRT, the phone and email unencrypted are considered sufficient for the transmission of non-sensitive information.
Sensitive data sent by email must be encrypted by the Benfica CSIRT PGP key.
5.1 Incident Response
Benfica CSIRT will assist in the technical and organizational details of security incidents. In particular, it will provide assistance and advice in coordinating incidents.
5.2 Incident Triage
Confirmation of the veracity of a reported Incident will determine its criticality and priority.
5.3 Incident Coordination
Identification of the root cause of the Security Incident, facilitating contact with third parties and judicial authorities.
Benfica CSIRT will also report to and collaborate with other national and international CSIRTs.
5.4 Incident Resolution Correction of vulnerabilities, removal of preventive measures and preservation of data collected during previous phases.
5.5 Proactive Activities
Benfica CSIRT performs the following activities:
Security Tools; Awareness, Education and Training; and Regular community alerts.
6. Incident Reporting Form
There are currently no forms available, the security incident reports must contain all relevant information relevant to the event and sent to the Benfica CSIRT email address.
Although all precautions are taken in the preparation of the information disclosed either on the Internet portal or via the website, Benfica CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of that information.
-----BEGIN PGP SIGNATURE-----
iQGzBAEBCAAdFiEEuWE+HbROfc9/WCnnk36mljh5s1MFAmFJ7xMACgkQk36mljh5 s1Ms7AwAokhjdajxFTTpfxTExbm1oZ5EHLCmf9deQSHVXUNWWVscsLSnO+y4iJmP DRIVfAkkEcsX1pi7nuvWD4CJ4yR6EePPDbTbGna+MNYgJctVucGr8XLYplxRAEv0 eqTB0tCt0gwXZGNH0d7FEbLnm6onDl8+rIQidaFTIGeSk25Dq1mVAsmqPbXzyyD6 5r1cIyrCBLYxA8SIiQnB66eQFpKV3KwVmTFn49YaAF7qqdFDPLQHEE/IXP6c6iSQ aFCIGnd1/U45L+0eo5y2Ez7s96J9Ufl9w1EgQ+sT7G1LeooT+eNyLlhxfaL6nh2A Pbtxe8XNoaEDv3lrydLrWPsapZNcGpeoOHxseGw2p2bRDPb7id/xMmPducjHn3m9 ZK02YmNiOUBU69jC4PnZlSAOG4YhOSdDVkIrDux58/CK2aB274PyqyjiQziMCRJg yrQyLbsoxcj1L1dQFlDqnykz1Zp8SZbI8gVGXDPxDkXcr5fq+8xvlLrSsQzoPAtQ bo3lnKEX
-----END PGP SIGNATURE-----