RFC 2350 - Cyber Security Incident Response Team (CSIRT) Telkomsigma

 

1. Cyber Security Incident Response Team (CSIRT)

As an essential element in the continuity of a company's business as a provider of information technology services, Telkomsigma has formed the Cyber Security Incident Response Team (CSIRT), known as Tim Tanggap Insiden Siber (TTIS), with the aim of safeguarding and securing the company's business continuity from various cyber attacks by providing solutions and digital services for the company.

CSIRT Telkomsigma was established based on the information security organization decree of the Ministry of Finance regarding information security management (KMK-942 Year 2019).

Basic information about CSIRT Telkomsigma has been signed with PGP key version 1.0 issued on December 12, 2023, and is available in Document RFC 2350 (Indonesian version) Info Details.

 

2. Objectives and Functions of CSIRT

CSIRT Telkomsigma focuses on managing cyber attack incidents on computer devices and protecting information assets within the PT Sigma Cipta Caraka environment, as well as contributing to secure and reliable digital services.

3. Functions of CSIRT

a. Actively detect and continuously monitor computer and network security threats to identify potential security incidents.

b. Provide rapid response to identified security incidents to minimize their impact and restore affected systems.

c. Conduct comprehensive investigation and analysis of security incidents to identify their causes, gather digital evidence, and develop a deep understanding of the incidents.

d. Provide education and training to organization members on better security practices to prevent computer security incidents.

e. Collaborate with internal and external entities, including law enforcement agencies, security vendors, and other CSIRT teams, to enhance information exchange and response coordination.

f. Assist in developing effective computer security policies and response procedures.

g. Actively monitor the cyber environment to detect evolving threats and identify potential vulnerabilities.

h. Conduct security research to understand the latest trends and developments in security threats and attack techniques.

i. Develop or use necessary security tools to support detection, monitoring, and response to security incidents.

 

4. CSIRT Telkomsigma Services

The cyber security incident response services provided by CSIRT Telkomsigma are as follows:

a. Reactive Services are related to the need to respond to cyber incidents, including prevention, action, and cyber recovery, including alert tasks, incident handling, vulnerabilities, artifacts, technical support, coordination and response, vulnerability analysis, and interaction services (help desk).

b. Proactive Services are aimed at detecting and preventing cyber attacks before any real impact occurs, including announcement tasks, technology monitoring, compliance testing, device and infrastructure configuration, threat detection services, and information dissemination.

c. Security Quality Management Services support reactive and proactive activities, including policy and risk analysis training, disaster recovery planning, business continuity, security consultation, awareness enhancement, and CSIRT infrastructure management.

 

5. Types of Incidents for Cyber Service Handling:

a. Service Interrupt.

1) Denial of Service

2) Mail Bomb

3) Ping Attacks

4) Multiple Request Attack

5) Root Compromise

6) Packet Floods

7) RC Bots

8) Virus Infection

9) Brute force

b. Malicious Communication.

1) Threats

2) Hate Mail

3) Harassment Mail

4) IRC Abuse

5) Flaming directly to Individual

c. Unsolicited Bulk Email.

1) Spam

2) Chain Mail

3) Mass Mail

4) Application (SQL Injection).

 

CSIRT Telkomsigma Organization Profile

The Cyber Security Incident Response Team (CSIRT) Telkomsigma consists of employees of Telkomsigma. The CSIRT Coordinator is headed by the General Manager of Cyber Security Delivery and Operation at Telkomsigma.