Description for NOE LGA SOC 1. About this document 1.1 Date of Last Update Version 1.0, Date: 2022-04-08 1.2 Locations where this document may be found The current version of this CSIRT description document is available from the website of the Niederoesterreichische Landesgesundheitsagentur (NOE LGA) Website: https://www.landesgesundheitsagentur.at/impressum The URL of the Document is: https://www.landesgesundheitsagentur.at/fileadmin/media_data/Dateien/NOELGA/rfc2350_noelga.txt Please make sure you are using the latest version. 2. Contact Information 2.1 Name of the Team NOE LGA SOC: The Computer Emergency Response Team of the Niederoesterreichische Landesgesundheitsagentur (NOE LGA) / 2.2 Address NÖ Landesgesundheitsagentur Business Unit IKT Infrastruktur Services, NÖ LGA - Shared Services GmbH NOE LGA Security Operations Center Stattersdorfer Hauptstraße 6/C 3100 St. Pölten 2.3 Time Zone Central Europe Time (UTC+0100, UTC+0200 from last Sunday in March to last Sunday in October) 2.4 Telephone Number +43 676 858 70 35590 or +43 676 858 70 35022 2.5 Facsimile Number None. 2.6 Other Telecommunication None. 2.7 Electronic Mail Address cybersecurity(at)noe-lga.at 2.8 Public Keys and Encryption Information Currently we can not receive or send encrypted e-mails. We are working on that. In the meanwhile write us an e-mail and highlight the need for a secure exchange of confidential information. As an alternative, we will answer you with a link to a secure data transfer platform hosted by the NOE Landesgesundheitsagentur. 2.9 Team Members NOE LGA SOC's Team Chair is Gernot PRASCHL. Management and supervision are provided by Markus KOHLHEIMER, Chief Information Security Officer, NOE Landesgesundheitsagentur. 2.10 Other Information General information about the NOE LGA can be found at: www.noe-lga.at 2.11 Points of Customer Contact NOE LGA SOC's e-mail address is cybersecurity(at)noe-lga.at. Mail sent to this address will be stored in our trouble ticket system and will be taken care of by the duty team as soon as possible. This is the preferred way for reporting incidents. If it is not possible to use e-mail, the NOE LGA SOC can be reached during regular office hours by phone (cf. 2.4). NO ELGA SOC's hours of operation are our regular business hours (08:00-16:00 Monday to Friday except legal holidays of austria, November 15, Good Friday, December 24 and December 31) (08:00-12:00 Good Friday, December 24 and December 31) 3. Charter 3.1 Mission Statement The NOE LGA SOC is the expert group for operational ICT security at the NOE Landesgesundheitsagentur including its clinics and nursing homes. The purpose of the NOE LGA SOC is the coordination of efforts to - - eliminate potenial security issues and - - handle security incidents affecting the NOE Landesgesundheitsagentur including its clinics and nursing homes. 3.2 Constituency NOE LGA SOC's constituency is the NOE Landesgesundheitsagentur including its clinics and nursing homes. The services of the NOE LGA SOC are limited to the NOE Landesgesundheitsagentur including its clinics and nursing homes. Note that usually no direct support will be given to other organisations or end users. With the exception of the activities associated with the Austrian CERT / cert.at or the Austrian Health CERT. 3.3 Sponsorship and/or Affiliation NOE LGA SOC is located at the IT department of the NOE LGA Shared Services GmbH, the IT service organisation of the NOE Landesgesundheitsagentur. 3.4 Authority The main purpose of NOE LGA SOC is the handling of reported security incdents and internal ICT security issues. The NOE LGA SOC serves as a single point of contact for ICT infrastructure and domains related to the NOE Landesgesundheitsagentur. 4. Policies 4.1 Types of Incidents and Level of Support NOE LGA SOC is authorized to address all types of computer security incidents which occur, or threaten to occur, in our constituency (cf.3.2) 4.2 Co-operation, Interaction and Disclosure of Information The NOE LGA SOC cooperates at national level with general purpose and sector specific CERTs (CERT.at, Austrian Health CERT, CERT Teams of other austrian healthcare providers). 4.3 Communication and Authentication For normal communication not containing sensitive information NOE LGA SOC will use conventional methods like unencrypted e-mail. For the secure exchange of information, NOE LGA SOC may provide access to a secure data exchange platform, hosted by the NOE Landesgesundheitsagentur. 5. Services 5.1 Incident Response NOE LGA SOC coordinates incident prevention, handling and response within its constituency. Furthermore the NOELGASOC performs Vulnerability assessments within its constituency on a regularly basis. 5.1.1. Incident Triage - - determine wether an incident is authentic. - - determine the applications or departments involved. 5.1.2. Incident Coordination - - Contact the department(s) involved and ask them to investigate the incident and to take the appropriate steps. - - Notify other departments if appropriate. 5.1.3. Incident Resolution - - Assure the incident is handled properly by the affected department(s). Ask for feedback. - - If necessary take appropriate steps within the NOE Landesgesundheitsagentur including its clinics and nursing homes. (e.g. block ports, disconnect sites, etc. ) 5.1.4 Vulnerability assessments - - Performs automated vulnerablity scans within its constituency - - Recommends vulnerability handling priorities based on scan reports NOE LGA SOC collects statistics about incidents within its constituency. 5.2 Proactive Activities NOE LGA SOC provides the following proactive services: - - Information services - - Database of Security Contacts - - Vulnerability Scanning 6. Incident Reporting Forms There are no local forms in use. 7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, NOE LGA SOC assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained therein.