RFC 2350

 

  1. Document Information

This document contains a description of the Botswana National Computer Security Incident Response Team (BW-CSIRT) in accordance with RFC 2350[1]. It provides basic information about BW-CSIRT, its channels of communication, its services, and its role and responsibilities.

1.1 Date of Last Update


This is version 3.0, published 19-06-2023
 

1.2 Distribution List for Notifications


N/A

1.3 Locations where this document may be found


               https://www.cirt.org.bw/services/refc250.pdf

 

1.4 Authenticating this document

This document has been digitally signed by Emmanuel Thekiso, the Head of BW-CSIRT.

 

1.5 Document Identification

Title: RFC2350
Version: 3.0
Document Date: 19 June 2023
Expiration: This document is valid until superseded by a later version

 

  2. Contact Information

2.1 Name of the Team

Full Name: Botswana National Computer Security Incident Response Team
Short name: BW-CSIRT

 

2.2 Address
       

Botswana CSIRT (BW-CSIRT)
Botswana Communications Regulatory Authority,
Plot 66459, Spectrum House, Phakalane
Gaborone, Botswana

 

2.3 Time Zone

Central Africa Time (CAT), GMT+2
 

2.4 Telephone Number

           +267-3685548, +267-395500

2.5 Facsimile Number

          +267 3957976

2.6 Electronic Mail Address

For notifications and operational matters, please contact us at Info@cirt.org.bw. The email address is monitored by duty officers during hours of operation.
 

2.7 Other Telecommunications

                     N/A

2.8 Public Keys and Encryption Information

PGP Key ID: 0xbe3be88ba4900dfd
PGP Key Fingerprint: CE8A E05F CAAF 011D 07A2 3F8A BE3B E88B A490 0DFD
Location: https://pgp.circl.lu/

Please use this key when you want or need to encrypt messages that you send to BW-CSIRT.

                                         

2.9 Team Members
       

The head of BW-CSIRT is Emmanuel Thekiso. Information about other team members is available on request.
 

2.10 Other Information

BW-CSIRT is a member of:

  • AfricaCERT[2]
  • Forum of Incident Response and Security Teams (FIRST)[3]

 

2.11 Days of Operation
 

Days of operation: 07:30 to 17:00 GMT+2 on business days Monday to Friday.
Emergency Cases:  Hotline number +267-73111260 and +267-3685548

  3. Charter

 

3.1 Mission Statement
       

The BW-CSIRT mission is to create, maintain, and promote the adequate capabilities for Botswana to respond to cyber threats and to protect its national critical information infrastructures. The scope of our activities covers prevention, detection, response, and recovery.

 

3.2 Constituency

Our constituency is the public sector institutions and critical information infrastructure of Botswana, as stated in the National Cybersecurity Strategy[4].

 

3.3 Sponsorship and/or Affiliation

BW-CSIRT is an independent organization hosted under the Botswana Communications Regulatory Authority (BOCRA)[5].

3.4 Authority

The establishment of BW-CSIRT was mandated by the Communications Regulatory Act (CRA Act), with the main purpose of coordinating incident response for communications consumers. BW-CSIRT works cooperatively with system administrators and users at public sector institutions and at critical information infrastructure.

  4. Policies

4.1 Types of Incidents and Level of Support

BW-CSIRT is authorized to address all types of computer security incidents which occur, or threaten to occur, in our constituency. The level of support given by BW-CSIRT will vary depending on the type and severity of the incident or issue, the type of constituent, and the size of the user community affected. Special attention will be given to issues affecting critical information infrastructure. Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator or their ISP for assistance.

 

4.2 Co-operation, interaction, and disclosure of information

All incoming information is handled confidentially by BW-CSIRT, regardless of its priority. Information that is evidently very sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies. BW-CSIRT highly regards the importance of operational cooperation and information sharing between CSIRTs, and also with other organizations which may contribute towards or make use of their services. BW-CSIRT operates within the laws of Botswana when disclosing information.

4.3 Communication and Authentication

BW-CSIRT protects sensitive information in accordance with the relevant policies. BW-CSIRT uses PGP encryption and signing for secure communication.

  5. Services

BW-CSIRT has adopted the FIRST CSIRT Services Framework[6] and provides assistance on prevention, detection, resolution and advice to its constituents.

5.1 Information Security Incident Management

  • Collect and evaluate information security incident reports, analyze relevant data and perform detailed technical analysis of the incident and artefacts.
  • Perform mitigation steps to recover from the incident.
  • Coordinate with external entities such as peer CSIRTs or security experts, vendors, or PSIRTs to address all aspects and reduce the number of successful attacks.

 

5.2 Information Security Event Management

  • Monitoring, detection, correlation and event analysis of security events from a wide variety of event and contextual data sources.

 

5.3 Vulnerability Management

  • Discovery, analysis, and handling of new or reported security vulnerabilities in information systems.
  • Detection and response to known vulnerabilities in order to prevent them from being exploited.

 

5.4 Knowledge Transfer

  • Knowledge transfer to constituents to improve overall cybersecurity
  • Awareness building
  • Training and education
  • Cybersecurity Exercises
  • Technical and policy advisory
  • Research and information aggregation

 

5.5 Service Level

We strive to react to incoming incident reports within one business day.

  6. Incident Reporting

All incidents should be reported via encrypted email to security@cirt.org.bw. When contacting us, please provide at least the following:

  • Incident date and time (including time zone)
  • Contact details and organizational information: name of a person, organization name and address, email address, telephone number
  • Short summary of the incident/emergency/crisis and type of event
  • The event/incident (e.g., which system produced the alert)
  • Affected systems, source IPs, ports, and protocols
  • Any other relevant information

  7. Disclaimers

While every precaution will be taken in the preparation of information, notifications, and alerts, BW-CSIRT assumes no responsibility for errors or omissions, or damages resulting from the use of information contained within.

- =========================================================

                                                                        END

 

 

 

 
