RFC-2350
1. Document Information
This document contains a description of bjCSIRT as implemented by RFC 2350. It provides basic information about bjCSIRT, its channels of communication, its roles and responsibilities.
1.1. Date of Last Update
01/07/2020
1.2. Distribution List for Notifications
There is no distribution list for notifications.
1.3. Locations where this Document May Be Found
The current version of this document can always be found at https://csirt.gouv.bj/bjCSIRT-rfc2350-en
1.4. Authenticating this document
This document has been signed with the PGP key of bjCSIRT. See section 2.8 for more details.
2. Contact Information
2.1. Name of the Team
bjCSIRT, National CSIRT of Benin Republic
2.2. Address
Benin Republic Presidency
Annex
Palais de la Marina
Cotonou – Bénin
2.3. Time Zone
UTC+01, West-Central Africa, all the year.
2.4. Telephone Number
+229 21 36 87 20
2.5. Facsimile Number
N/A
2.6. Other Telecommunication
N/A
2.7. Electronic Mail Address
2.8. Public Keys and Encryption Information
The bjCSIRT has a PGP key (0xA021CE57), with KeyID 2725d162a021ce57 and fingerprint 215A DA01 AB0A DC00 0EEF 768B 2725 D162 A021 CE57. The key and its signatures can be found at public key servers like pgp.mit.edu.
2.9. Team Members
The head of bjCSIRT is Mr Miguel SOSSOUHOUNTO.
Information about other team members is available upon request.
2.10. Other Information
General information about bjCSIRT is available at https://csirt.gouv.bj
bjCSIRT Twitter profile (mostly in French): https://twitter.com/bjCSIRT
2.11. Points of Customer Contact
The preferred communication channel is the e-mail address contact@csirt.gouv.bj. If it’s not possible to use e-mail, please call the official phone number indicated in p.2.4. Appropriate communication channels are advised according to the nature of the request.
bjCSIRT has one team member on duty 24/7.
3. Charter
3.1. Mission Statement
bjCSIRT’s mission is to support the government of Benin Republic and constitutional institutions to protect themselves against intentional and malicious attacks that would hamper the integrity of their IT assets and harm the interests of Benin Republic. The scope of bjCSIRT’s activities covers prevention, detection, response, recovery and help to cybercrime investigation. bjCSIRT will operate according to the following key values:
- Highest standards of ethical integrity
- High degree of service orientation and operational readiness
- Effective responsiveness in case of incidents and emergencies and maximum commitment to resolve the issues
- Building on, and complementing the existing capabilities in the constituents
- Facilitating the exchange of good practices between constituents and with peers
- Fostering a culture of openness within a protected environment, operating on a need to know basis
3.2. Constituency
The constituency of bjCSIRT is composed of all the Benin Republic governmental institutions, constitutional institutions and state agencies. For a complete list and more information please see https://csirt.gouv.bj/bjCSIRT-constituency
3.3. Sponsorship and/or Affiliation
Benin Republic Presidency
Presidential Numeric Council
Digital Agency (ADN)
National Agency for Information Systems Security (ANSSI-Bénin)
Analysis & Investigation Bureau (BAI)
3.4. Authority
Full authority
4. Policies
4.1. Types of Incidents and Level of Support
N/A
4.2. Co-operation, Interaction and Disclosure of Information
bjCSIRT highly regards the importance of operational cooperation and information-sharing between Computer Emergency Response Teams, and also with other organisations which may contribute towards or make use of their services.
bjCSIRT works in tight cooperation with Police. Standard privacy laws apply. In case of a potential criminal incident we recommend the proper Police Unit to handle the case. Rules of good practice are in place to avoid dissemination of private data. Cases and examples are disseminated in professional circles in an anonymised form.
4.3. Communication and Authentication
For international communications ordinary precautions apply – like communicating to/via previously trusted and listed teams and using PGP.
5. Services
5.1. Incident Response
bjCSIRT will define, assess and prioritise all types of ICT incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
5.1.1. Incident Triage
- Investigating whether indeed an incident occurred.
- Determining the extent of the incident.
5.1.2. Incident Coordination
- Determining and contacting the involved organizations.
- Facilitating contact with other parties including law enforcement, if needed.
- Asking for reports and/or composing reports, depending on the involved organizations, incident type and severity.
- Communicating with media, if necessary.
5.1.3. Incident Resolution
- Advising the involved organization(s) on appropriate measures.
- Following up the incident solution process.
- Collecting evidence and interpreting data, if applicable.
5.2. Proactive Activities
- Conducting periodic security audits
- Providing relevant information on threats, trends and remedies to their constituency (and/or media, if necessary) to raise security awareness and competence.
- Collecting contact information of local security teams.
- Providing for a for community building and information exchange within the constituency.
5.3. Cybercrime investigation
This service aims to provide to LEO relevant information during cybercrime investigation. bjCSIRT provides digital forensics services to LEO
6. Incident Reporting Forms
bjCSIRT expects the reporter to be able answer 3–5 standard questions (Where? When? What? How? Who?) and provide the assumptions according to the logs. It is also possible to submit the incident report form online at https://csirt.gouv.bj/report
7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, bjCSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
