1. Document Information
1.1 Date of last update: This is the latest version 2.0 as of May 06, 2024.
1.2 Distribution Lists: Changes to this document are announced on and through the Cybolt SGIC Portal.
1.3 Document Location: The latest version of the document is published at: https:/RFC2350
2. Contact Information
2.1 Team Name: “BeaconLab”, Cybolt’s Cyber Incident Response Center
2.2 Address: Centro Tecnológico Metepec, Adolfo López Mateos 1956, Bellavista Metepec, 52148, Edo. Méx.
2.3 Time Zone: CDMX, Mexico (GMT-6)
2.4 Telephone Number: (+52) 8007374357, (+52) 5550157483
2.6 Other Communications: The preferred form of communication is via email, telephone, videoconferencing and other telecommunications options that can be coordinated upon request.
2.7 E-mail Addresses:
- Incident information exchange: abuse@
- General inquiries: info@
- Other contact e-mail addresses are published at https:/contact/.
2.8 Public Keys and encryption of information: Contact emails and associated PGP keys are published at https:/contact/ and are also stored at https://keys.openpgp.org.
- abuse@
Fingerprints: 86DFD0305467D291829ED929B5B1C7292F28D349
- info@
Fingerprints: 97825B7D624250966FD7CEE8D11B075E3B25E7B7
2.9 Team Members:
Owner: Luis Alfredo Herrera Camacho,
luis.herrera@cybolt.com
The names and information of the members that make up BeaconLab are not publicly disclosed.
In the event that a report is made, staff will identify themselves by full name through formal communication.
2.10 Further Information: General information about the services provided by BeaconLab is posted on the web portal
https: and at
https://www.cybolt.com
2.11 Hours of Operation: BeaconLab is available during the following hours:
- Service inquiries: office hours (Monday to Friday 08:00 to 18:00 hours)
- Incidents rated low and medium criticality: office hours
- Incidents catalogued as highly critical: 24×7
For operational inquiries (e.g., the status of an existing ticket), please contact
abuse@.
For general inquiries (e.g., comments or how to subscribe to a mailing list), please contact
info@.
2.12 Points of contact for the community: Communication between the BeaconLab team and the community in general is through the following means:
- Web form:
- Mailbox associated with the subject to be consulted.
- abuse@ to report security incidents
- info@ for contact and information
- Social networks:
3. Constitution
3.1 Mission:
3.2 Community served – “Target Community”:
It comprises the organizations, both national and international, with which Cybolt establishes a contractual relationship.
The scope and coordination actions of each managed incident depend on the type of contract signed.
3.3 Sponsorship, Affiliation and Authority: BeaconLab is an entity under Cybolt’s Security Managed Services Business Unit.
Authority is given by an official mandate from Cybolt’s CEO.
4. Policies
4.1 Type of Incidents and level of support:
BeaconLab responds to all types of cyber security incidents reported to it by any client organization, as set forth in that client’s contract.
The scope of BeaconLab’s management of a cyber incident could encompass:
- Preliminary analysis of the cyber incident.
- Notification, coordination and guidance to stakeholders and those responsible for the affected systems in order to take the pertinent actions.
- The proposal of pertinent recommendations for future correction and prevention.
- Depending on the terms and conditions of the contract, the nature of the incident, the request and/or cooperation of the parties involved in the incident and the established procedures, BeaconLab may assist in the implementation of immediate containment actions, as well as in the investigation and analysis of the compromised system.
In those cases where the response to an incident has resulted in recommendations for actions on assets, resources or processes that are not managed by Cybolt or BeaconLab, or that are not included in the terms and conditions of the contract, they will be outside the scope of the service.
In those cases where the response to an incident involves corrective or preventive action on a product or service that is provided and managed by Cybolt, this will be included as part of the scope of incident management.
4.2 Cooperation, interaction and dissemination of information:
The information handled by BeaconLab is treated with absolute confidentiality in accordance with BeaconLab’s information security policies and procedures and Cybolt’s policies, regulations and standards.
BeaconLab does not publish or share with third parties detailed information about cyber incidents that have been reported to it, unless this has been explicitly authorized by the affected parties or the information is requested by judicial means.
Incident information will only be shared on a legitimate need basis for incident management, either with the victim, affected system administrators or other CSIRTs as long as there is a legitimate need to control, remediate or prevent incidents.
Whenever possible, this information will be shared in an anonymized manner and/or without revealing data that could identify victims.
BeaconLab may publish or share statistical information, as well as anonymized information about specific incidents for awareness and training purposes only, without disclosing data that would identify victims or disclose details that would put stakeholders at risk.
4.3 Communication and Authentication: The available means of communication with BeaconLab are:
- Web form https:/contact/
- Inquiries and information mailbox info@
- Telephone: (+52) 8007374357
5. Services
5.1 Incident Management
5.1.1 Incident Triage
BeaconLab provides technical and operational support in the different stages of the Incident Management process: detection, analysis, notification, containment, eradication and recovery.
This process includes the assessment of available information and its prioritization (triage), validation and verification, scoping, collection of additional evidence required and communication with relevant parties.
5.1.2 Incident Coordination
BeaconLab makes its best effort to determine the nature, scope, impact and affected parties of an incident, facilitating contact with other organizations that may be involved and/or affected.
It provides practical and actionable information, guidance and recommendations to victims so that they can best mitigate the cybersecurity incidents that affect them, and provides policies and guidelines to improve their detection and prevention strategies.
BeaconLab collaborates with other Incident Response Centers (CERT/CSIRT) or Security Operations Centers (SOC) from all sectors by sharing information relevant to their target communities.
5.1.3 Post Incident Recovery and Actions
BeaconLab guides those involved with recommendations to contain, mitigate and remediate the incident, as well as recommendations to avoid similar incidents in the future.
It also advises the client on the most appropriate actions, follows up on the Incident Management and the measures the organization should take to prevent future cyber incidents.
According to the contractual terms, BeaconLab could provide technical and legal advice on forensic expertise, digital evidence safekeeping with chain of custody, digital forensic laboratory and cybercrime investigation training.
5.2 Prevention
BeaconLab provides various services to raise awareness and prevent any incident.
These include:
- Cybersecurity Monitoring (SOC)
- Managed cybersecurity services: Consists of the administration, monitoring and operation of the client’s security platforms, for a quick and timely response to the alerts they generate, and also for their proper management and protection.
- Managed SIEM
- Managed Endpoint Protection
- Managed Firewall
- Managed Hardening
- Managed Information Security
- Identity Management
- Vulnerability Management
- System, network and software vulnerability audits or analysis (code)
- Reports, alerts and advisories on new threats and vulnerabilities of Threat Information Systems, collected from various reputable sources, including our own, as well as open sources (OSINT).
- Research and dissemination of best practices on Information Security.
- Development of Safety Guides with regulations, procedures and best practices.
- Participation in Seminars, Congresses, Conferences and Cybersecurity awareness events.
6. Incident reporting forms
Incident reporting can be done through the dedicated mailbox: abuse@.
7. Disclaimer of Liability
The BeaconLab Team is not responsible for any misuse of the information contained herein.
8. Code of ethics:
The BeaconLab team adheres to the Ethics FIRST working group’s code of ethics:
https://ethicsfirst.org/FIRST_EthicsfIRST_es.pdf