Description of CSIRT for Cyber360-CSIRT 1. Document Information The document provides a description of Cyber360-CSIRT according to RFC 2350. The document provides basic information about Cyber360-CSIRT, its tasks and the communication channels used. 1.1. Date of last update Document version: 1.00, published on 22.09.2025 1.2 Distribute Document Change Notifications Currently, CSIRT Cyber360 does not use any distribution list designed to notify you of changes to this document. 1.3 Where to find the document The current version of the document describing Cyber360-CSIRT is available at: https://cyber360.pl/csirt/ 1.4 Document Attestation The document was signed using the PGP key, which can be found on the website: https://cyber360.pl/csirt/ 2. Contact Information 2.1 Team name Cyber360 Computer Security Incident Response Team 2.2 Address Władysława IV 43/401 81-308 Gdynia Poland 2.3 Time zone Central European (GMT +0100, GMT+0200 from the last Sunday of March to the last Sunday of October) 2.4 Phone number +48 585 857 530 2.5 Fax Number Unavailable 2.6 Other telecommunications Unavailable 2.7 Email address csirt@cyber360.pl 2.8 Public keys and other encryption information The PGP key used by Cyber360-CSIRT can be found at: https://cyber360.pl/csirt/ 2.9 Other Information General information about CSIRT Cyber360 can be found at https://cyber360.pl/csirt/ 2.10 Points of Contact The preferred method of contact is email using a PGP key to ensure integrity and confidentiality. ICT incidents should be reported to Cyber360-CSIRT by filling out the form available at: https://cyber360.pl/csirt/ in the "Incident Reporting" tab and send it to the following address: csirt@cyber360.pl. The application can also be sent via traditional mail to the following address: Władysława IV 43/401 81-308 Gdynia Poland If you need urgent contact, please call the Cyber360-CSIRT Duty Officer at +48 585 857 530 3. Statutes 3.1 Mission The Cyber360-CSIRT Computer Security Incident Response Team led by Cyber360 Sp z o.o. deals with receiving and forwarding reports and reports, responding to incidents, analyzing vulnerabilities and threats, cooperating with national and sectoral CSIRTs, as well as supporting monitoring, education and improving the level of security of information systems for CyberDefender customers. It also performs additional technical, coordination and advisory activities. In special cases, it performs tasks for entities related to CyberDefender customers. Cyber360-CSIRT is responsible for: 1) receiving incident reports; 2) incident response; 3) collecting information about vulnerabilities and cyber threats; 4) cooperation with entities related to CyberDefender customers in the field of exchange of good practices and information on vulnerabilities and cyber threats, 5) organizing and participating in exercises and supporting training initiatives; 5) cooperating with the CSIRT MON, CSIRT NASK and CSIRT GOV in responding to incidents coordinated by them, in particular in the field of exchanging information on cyber threats and the measures used to prevent and mitigate the impact of incidents; 6) cooperating with other CSIRTs in the field of exchanging information on vulnerabilities and cyber threats. 3.2 Area of operation Cyber360-CSIRT operates at the level of the Cyber360 Company and CyberDefender customers, i.e. for entities for which Cyber360 Sp z o.o. provides the SOC/MDR service, it is established by the Company's Management Board. Incidents reported to Cyber360-CSIRT that do not fall within its area of operation are immediately forwarded to the appropriate CSIRT. 3.3 Sponsorship and Affiliation Cyber360-CSIRT is operated by Cyber360 Sp. z o.o. and acts as a CSIRT for the Company's clients and entities related to Cyber360's clients. The tasks of Cyber360-CSIRT are established by the Management Board of Cyber360 Sp. z o.o. 3.4 Power of Attorney Ordinance of the President of the Management Board No. 1/07/2025 of 7 July 2025 on the establishment of a CSIRT team in the structures of Cyber360 Supporting documents regulating the scope of Cyber360-CSIRT activities: 4. Policies 4.1 Incident types and level of support The Cyber360-CSIRT team handles all types of computer security incidents related to their area of operation. Cyber360-CSIRT can decide their priority. 4.2 Cooperation, interaction and disclosure of information Cyber360-CSIRT may, in particular: 1) to ensure, in cooperation with other CSIRTs, dynamic risk analysis and incident analysis and to assist in raising awareness of cyber threats among entities in the statutory area of operation; 2) perform the necessary technical activities related to the analysis of cyber threats and response to a serious incident; 2) coordinate, within the entities with which Cyber360 is bound by a SOC/MDR service agreement, the handling of incidents concerning them; 3) support, in agreement with the key entity or an important entity from among the customers of the CyberDefender service, the performance of its obligations set out in Article 11, Article 12 and Article 13; 4) as part of the response to a major incident, apply to the competent authority for cybersecurity with a request to call on the critical entity and the important entity to remove the vulnerabilities that have led or could lead to a major incident within a specified timeframe. Cyber360-CSIRT then informs the relevant CSIRT MON, CSIRT NASK or CSIRT GOV about the submission of the application; 5) carry out activities to increase the level of security of information systems of key entities and entities important in a given sector or subsector, in particular by: a) performing safety assessments, b) identifying vulnerabilities of systems available in open ICT networks, as well as notifying the owners of these systems about detected vulnerabilities and cyber threats. 4.3 Communication and authentication To ensure the confidentiality of the information transmitted, we recommend using PGP encryption (this standard is used by CSIRT teams around the world). Software supporting PGP encryption for non-commercial purposes is available free of charge. It is available for virtually all hardware platforms. To send the encrypted message, you will need the Cyber360-CSIRT public key RFC2350 Cyber360-CSIRT_ENG, available at https://cyber360.pl/csirt/ 5. Services 5.1 Prevention Cyber360-CSIRT focuses on raising awareness and preventing threats to its area of operation. Cyber360-CSIRT monitors identified cybersecurity threats on an ongoing basis, collects data on incidents and indicators of compromise (IoC) obtained during analyses. The conclusions of the analyses are then made available in the form of publications, recommendations and warnings. 5.2 Incident Response Cyber360-CSIRT is responsible for coordinating and supporting ICT security incidents reported by entities within the statutory area of activity. The potential of Cyber360-CSIRT covers the entire incident response process, in particular: - preparation for incident handling, - detection and analysis, -Notification - restriction, liquidation and restoration, - application analysis based on the evidence obtained, -Recommendations. 6. Incident Reporting Forms Instructions for reporting an incident and the form are available on the website: https://cyber360.pl/csirt/ 7. Disclaimers Although Cyber360-CSIRT makes every effort to prepare reliable, comprehensive security information, notifications and alerts, it is not responsible for any errors, omissions or damages resulting from the use of the information contained in the aforementioned publications, or any damages resulting from the use of the above information.