RFC 2350

1. Information about this document

This document describes the incident response coordination service of the GALP Energia, SGPS, S.A group and all its subsidiaries, according to RFC 2350.

1.1 Date of Last Update
This is version 2.0 published 2023/06/09.

1.2 Distribution List for Notifications
There is no existing distribution channel for notifications of updates.

1.3 Locations where this Document May Be Found
Site - Galp - https://www.galp.com/corp/pt/sobre-nos/csirt-galp

1.4 Authenticating this Document
This document is signed with CSIRT GALP PGP key.

2. Contact Information

2.1 Name of the Team
CSIRT GALP

2.2 Address
CSIRT GALP Energia, SGPS, S.A
Rua Tomas da Fonseca - Torre C, 4 Piso
1600-209 Lisboa
Portugal

2.3 Time Zone
Portugal/WEST (GMT+0, GMT+1 in Summertime)

2.4 Telephone Number
(+351) 217 242 500

2.5 Facsimile Number
Not available

2.6 Other Telecommunication
Nonexistent

2.7 Electronic Mail Address
csirt@galp.com

2.8 Public Keys and Other Encryption Information
PGP Key ID: 6463D217
PGP Fingerprint: 4CFE B46D B995 B727 A05A 24D0 A345 1980 6463 D217
The PGP Key may be retrieved from: https://openpgp.circl.lu/

2.9 Team Members
Manager: Luis Morais
Information about the rest of the team members is only available on request.

2.10 Other Information
General information about CSIRT GALP can be found at https://www.galp.com/corp/pt/sobre-nos/csirt-galp

2.11 Points of Customer Contact
CSIRT GALP can be contacted by the means specified in sections 2.2 and 2.4 to 2.7.

3. Charter

3.1 Mission Statement
To protect Information Security in the GALP Group, considering all stakeholders, while also cooperating towards increasing cybersecurity resilience in the geographies where the GALP Group is present, through its role as an Essential Service operator.

3.2 Constituency
CSIRT GALP manages cyber security incident response concerning employee and client information processed or archived in its IT infrastructure or on external stakeholders' IT systems, in the latter case subject to the contractual clauses in place.
The IP address ranges within CSIRT GALP's National scope are:

3.3 Sponsorship and/or Affiliation
CSIRT GALP is part of GALP's second line of cyber security defence, reporting directly to GALP CISO.

3.4 Authority
CSIRT GALP's attributions are defined by the CISO of GALP Energia, SGPS, S.A

4. Policies

4.1 Types of Incidents and Level of Support
CSIRT GALP handles every type of Information Security Incident, and has adopted the Portuguese National CSIRT Network Taxonomy, available at: https://www.redecsirt.pt/files/RNCSIRT_Taxonomia_v3.0.pdf

4.2 Co-operation, Interaction and Disclosure of Information
The privacy and data protection policies of CSIRT GALP ensure that sensitive information is only shared with third parties on a co-operation and need-to-know basis.

4.3 Communication and Authentication
Non-sensitive information might be shared through telephone and clear text email with appropriate precautions. In order to transmit sensitive information, the usage of PGP encryption is mandatory.
CSIRT GALP recognizes and adopts TLP (Traffic Light Protocol) for sharing and dissemination of information.

5. Services

5.1 Incident Response Coordination
CSIRT GALP is responsible for handling cyber security incidents related to the whole Constituency.

5.2 On-Site Support
To the whole Constituency.

5.3 CSIRT Capability Building
CSIRT GALP promotes Information Security awareness for GALP employees and external suppliers that have access to GALP's systems or information. This is done through:
1) Cyber security culture activation program
2) Participation in internal and external cybersecurity exercises
3) Third Party Risk Management - To all suppliers

5.4 Security Alerts
CSIRT GALP is responsible for disseminating cyber security alerts, in order to prevent cyber security incidents and raise awareness across the whole constituency.

5.5 Red Team assessments
This service is part of the CSIRT GALP cyber resilience program.

5.6 Digital Forensics
This service is part of the CSIRT GALP cyber security incident response process.

6. Disclaimers

Although all precautions are taken in the preparation of information, CSIRT GALP does not take any responsibility for errors, omissions, or damage resulting from the use of this information.