[anti-abuse-wg] Adding a "Security Information" contact?

On 07-06-2022 12:42 +0200, Gert Doering wrote:
> Hi,
> 
> On Tue, Jun 07, 2022 at 12:35:47PM +0200, denis walker wrote:
> > You could add an optional attribute "security-mailbox:" alongside
> > the
> > "abuse-mailbox:". If present it could be returned in a query with
> > the
> > abuse-mailbox address by default, or with a specific query. Or
> > reference it separately with a "sec-c:" attribute.
> 
> Agree, this would be one of the options.
> 
> But then, what is admin-c: and tech-c: intended to be used for,
> today?
> 
> (Expecting no answers, just pointing out that there is lack of clear
> understanding)
> 
> Gert Doering
>         -- NetMaster

I don't think the problem would be to add a new attribute if needed.
The problem would be to *define* what should go there (and then get
everyone downstream to use that new attribute)

The line is quite thin. And not every company will group things in the
same way.

"There's a vulnerable Confluence server on your network" → Vulnerable
"This IP has contacted a botnet C&C server" → Compromised
"This is sending emails with malware" → Attacking other networks 

And often it will go in that succession. There was a vulnerable system,
that got compromised, and then used to attack third parties.
In some cases the same team will handle all of those. Others may have a
different team for patching than for dealing with compromised hosts.
And others may only stat worrying only after it starts giving problems
to others.


Regards


-- 
INCIBE-CERT - Spanish National CSIRT
https://www.incibe-cert.es/

PGP keys: https://www.incibe-cert.es/en/what-is-incibe-cert/pgp-public-keys

====================================================================

INCIBE-CERT is the Spanish National CSIRT designated for citizens,
private law entities, other entities not included in the subjective
scope of application of the "Ley 40/2015, de 1 de octubre, de Régimen
Jurídico del Sector Público", as well as digital service providers,
operators of essential services and critical operators under the terms
of the "Real Decreto-ley 12/2018, de 7 de septiembre, de seguridad de
las redes y sistemas de información" that transposes the Directive (EU)
2016/1148 of the European Parliament and of the Council of 6 July 2016
concerning measures for a high common level of security of network and
information systems across the Union.

====================================================================

In compliance with the General Data Protection Regulation of the EU
(Regulation EU 2016/679, of 27 April 2016) we inform you that your
personal and corporate data (as well as those included in attached
documents); and e-mail address, may be included in our records 
for the purpose derived from legal, contractual or pre-contractual
obligations or in order to respond to your queries. You may exercise
your rights of access, correction, cancellation, portability,
limitationof processing and opposition under the terms established by
current legislation and free of charge by sending an e-mail to
dpd at incibe.es. The Data Controller is S.M.E. Instituto Nacional de
Ciberseguridad de España, M.P., S.A. More information is available
on our website: https://www.incibe.es/proteccion-datos-personales
and https://www.incibe.es/registro-actividad.

====================================================================