Appendix A - 2.0, 1 November 2011 ======================================== Standard definitions taken from the IETF approach [RFC2119] MUST This word, or the terms "REQUIRED" or "SHALL", mean that the definition is an absolute requirement of the specification. SHOULD This word, or the adjective "RECOMMENDED", mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course. Appendix A to The FIRST membership process: =========================================== 1. Team Name - Official team name:CiberSOC-ICA - Short team name (Acronym):CiberSOC-ICA - Host organization (if the team is decentralised, list all host organizations):Grupo ICA - Country the team is located in (if multiple offices exist, list all countries):Spain - Date of establishment:2004 2. Constituency - Type of constituency (vendor customer base, internal to host organization, ISP customer base, major service provider, major service provider, or...):MSSP - Description of constituency: The CiberSOC-ICA supports incident response and security services for: Grupo ICA customers, including: Spanish Enterprises and Public Administration - Internet domain and/or IP address information describing the constituency:http://www.grupoica.com/sobre-nosotros - All countries in which constituency members are located in:Spain 3. Team Contact Information - Regular telephone number (country code, telephone number, timezone relative to GMT):+34 91 3110487 GMT +1 - Emergency telephone number (country code, telephone number, timezone relative to GMT):+34 91 591 20 88 GMT + 1 - Email address:alertaseguridad@grupoica.com - Corporate Web Address: https://www.grupoica.com - Corporate Security Page:https://www.grupoica.com/ciberseguridad - Facsimile number (country code, telefax number): Not available - Other telecommunication facilities: Not available - Postal address:La Rábida 27, 28039 MADRID SPAIN - Invoice address (Please include contact name and email):La Rábida 27, 28039 MADRID SPAIN. Alberto Cañadas Alvarez. alberto.canadas@grupoica.com - Aliases to be included in the FIRST mailing lists: - FIRST-REPS mailing list - first-reps@first.org (mandatory): Fernando Quintanar Cenjor Email Address: fernando.quintanar@grupoica.com - FIRST-TEAMS mailing list - first-teams@first.org (mandatory): Email Address: seguridad@grupoica.com 4. Team Contact Information Team Representative - Name of person representing the team: - Team Representative: Fernando Quintanar Cenjor - Contact information: fernando.quintanar@grupoica.com - Secondary Team Rep: Radoslaw Lekston - Contact Information: radoslaw.lekston@grupoica.com - Contact information for person/organization representing the constituency: Alberto Cañadas Alvarez. alberto.canadas@grupoica.com - Contact information for person representing the host organization: Juan Carlos Narro Guerrero. General Manager Grupo ICA. juancarlos.narro@grupoica.com 5. Team Members - Names, contact information and PGP keys of other team members (If approved by the MC and the SC, teams can be allowed to only list certain members. At least one member in addition to the FIRST Representative MUST be named anyway.): - Team Representative: Fernando Quintanar Cenjor - Contact information: fernando.quintanar@grupoica.com - Secondary Team Rep: Radoslaw Lekston - Contact Information: radoslaw.lekston@grupoica.com Indicar algún otro miembro del equipo. Incluir la clave PGP de cada uno. 6. References - FIRST sponsors: INCIBE-CERT and Red IRIS - Track record of working relationships with other teams: CCN-CERT and ESP DEF CERT 7. Services Specify available reactive services, using the following list (removing or adding to it): - Alerts and Warnings - Incident Handling - Incident analysis - Incident response on site - Incident response support - Incident response coordination - Vulnerability Handling - Vulnerability analysis - Vulnerability response - Vulnerability response coordination - Artifact Handling - Artifact analysis - Artifact response - Artifact response coordination - Forensic analysis - Specify available proactive services, using the following list (removing or adding to it): - Announcements - Technology Watch - Security Audits or Assessments - Configuration and Maintenance of Security Tools, Applications, and Infrastructures - Development of Security Tools - Intrusion Detection Services - Security-Related Information Dissemination - Specify security quality management services, using the following list (removing or adding to it): - Threat Intelligence: internet, Deep web, dark web - Technology Watch - Security Audits or Assessments - SIEM services - Development of Security Tools - Intrusion Detection Services - Risk Analysis - Security Consulting - Education/Training 8. Business Hours (Optional) - Description of business hours: 24x7x365 - Procedures for contacting the teams outside business hours:CiberSOC-ICA contact 9. Technical Expertise Please describe your teams expertise below: 15 years experience in installation, integration of sources, and monitoring of all types of events and assigning systems. This experience has allowed us to generate a work team with work capacity and knowledge on a wide range of systems. We have experience in generating vaccines on fraudulent elements and threats and a complementary team that allows the management of perimeter rules to mitigate and operate automatically with protection elements.