ENOC (Ednon NEXT Operations Center) is our Security Operations Center (SOC) and where our computer security incident response team (CSIRT) operates.
It is certified under the National Security Scheme (ENS) and under UNE-ISO 27001: 2014 (Information Security Management System).
ENOC-CSIRT is a private CSIRT dedicated to provide services to public and private organizations, and it is created by mandate of the EDNON manadgement with the mission of providing security services and protecting the information systems of the different departments of the organization and clients external to it, both being here in after referred to as the beneficiaries, in the event of security incidents that could affect the integrity, confidentiality or accessibility of the data and / or damage the operations or reputation of those affected.
To achieve these objectives, ENOC-CSIRT performs, among others, the following tasks:
To achieve these objectives, ENOC-CSIRT adheres since its creation to the following values:
The services provided by ENOC-CSIRT are directed to all EDNON internal departments and to external company organizations subscribed to them.
ENOC-CSIRT is part of the EDNON S.L. operations group. It also maintains contact with different CSIRTs and related organizations from Spain, Europe and Latin America.
Our SOC CSIRT is a member of the TF-CSIRT (Trusted Introducer) forum, the main European forum for Incident Response and Information Security Teams. The Trusted Introducer Service was established by the European CERT community in 2000 to address common needs and build a service infrastructure providing vital support for all security and incident response teams. The Trusted Introducer Service forms the trusted backbone of infrastructure services and serves as clearinghouse for all security and incident response teams. It lists well known teams and accredits as well as certify teams according to their demonstrated and checked level of maturity. Vital member’s only services enabling security and incident response teams to interact more efficiently and effectively with each other are available to all accredited and certified teams.
ENOC-CSIRT operates, within EDNON S.L., under the authority of our Head of Information Security and the company’s Management.
Regarding its external clients, ENOC-CSIRT acts as an advisor to the security teams of those clients and doesn’t have authority over them. Therefore, the implementation of the provided recommendations will be exclusively responsibility of the client.
All the services provided can be consulted in the descriptive document of the service: RFC 2350 ENOC-CSIRT (rfc2350_enoc-csirt.pdf).
ENOC-CSIRT uses the e-mail address firstname.lastname@example.org and the following PGP key for communications related to incident management:
Name: ENOC-CSIRT incidents <email@example.com>
Key ID: 0x6ED9AD2C6D24B356
Fingerprint: 2E0F 80F8 A08F 4801 B558 F483 6ED9 AD2C 6D24 B356
For administrative communications, the email address firstname.lastname@example.org associated with the following PGP key is used:
Name: ENOC-CSIRT Team <email@example.com>
Key ID: 0x067EACDC7D3982AB
Fingerprint: 7301 6FC9 C4D7 8CA0 1221 271D 067E ACDC 7D39 82AB
These keys are available on public PGP key servers.
PGP encryption must be used in all email communications that require it due to its level of confidentiality.
ENOC-CSIRT RFC 2350 document has been signed with PGP signature corresponding to the address firstname.lastname@example.org.
Signature file accesible at: rfc2350_enoc-csirt.pdf