About C-SIRT

Heimcore C-SIRT

Welcome to Heimcore, a technology solutions company that specializes in the protection of business systems and data.

Our team of highly trained professionals offers technological security services, including our CSIRT (Computer Security Incident Response Team) service.

Mission

Our mission is to provide customized and effective technology security solutions that help protect our clients against cyber threats.

Vision

Our vision is to be the leading provider of technological security solutions and to be recognized for our innovative approach and our ability to adapt to the needs of our clients.

What is

Heimcore CSIRT is our computer security incident response team. We offer a wide range of specialized services to help organizations identify, prevent and respond to computer security incidents.

Our services include threat monitoring and detection, incident response, incident analysis, and security consulting, among others.

Why choose Heimcore CSIRT?

There are several reasons why you should choose Heimcore CSIRT to protect your organization against cyber threats. First, our team is highly trained and experienced in responding to computer security incidents. Second, we offer customized solutions to fit the unique needs of each organization. Third, we are available 24/7 to respond quickly to any computer security incident that may occur. Finally, our approach focuses on minimizing the impacts of security incidents on the organization and its critical information assets.

Heimcore Incident Response Process:

Our cybersecurity incident response process follows a series of steps to ensure a rapid and effective response. First, we identify the threat and determine its scope. We then conduct a threat analysis to understand the nature of the threat and how it is affecting the organization. We then work on containing the incident to limit the damage. We then restore the affected systems and take steps to prevent future incidents. Throughout the process, we maintain constant communication with the client to keep them informed of the status of the incident and the measures we are taking to resolve it.

Our Team:

Our CSIRT team is comprised of cybersecurity experts who are highly trained and experienced in responding to cybersecurity incidents. Each team member has specialized skills and knowledge in different areas of computer security, allowing us to provide effective and customized solutions to our clients. Additionally, our team stays up-to-date with the latest cybersecurity trends and technologies to ensure our clients are protected against the latest cyber threats.

How does Heimcore CSIRT work?

Features of Heimcore CSIRT

Experience and Technical Skills:

Heimcore CSIRT is made up of highly trained and experienced professionals in the field of computer security, who can respond effectively and quickly to any security incident that may arise.

Monitoring and Detection:

Heimcore CSIRT establishes effective security monitoring and detection systems to identify any security incident before it becomes a significant threat.

Clear Processes and Procedures:

Heimcore CSIRT has procedures and protocols in place to effectively handle any type of security incident, including early identification, impact assessment, containment and recovery.

Training and Education:

Heimcore CSIRT provides ongoing training and education to employees and users to increase security awareness and minimize the risk of future security incidents.

Collaboration and Coordination:

Heimcore CSIRT works closely with other teams in the organization, such as the IT team, to ensure an effective and coordinated response to a security incident.

Current cooperation with other regional CSIRTs:

1. HEIMCORE C-SIRT Scope

Heimcore’s CSIRT (Computer Security Incident Response Team) is a specialized computer security group that provides services to external companies and Heimcore itself. Its main objective is to efficiently detect, analyze and respond to security incidents affecting the networks and information systems of its clients and of Heimcore.

2. Incident Types and Support Levels

HEIMCORE C-SIRT establishes various levels of support depending on the nature and severity of the incidents, as well as the impact they may have on the operations and security of companies. Support levels are classified as follows:

– Level 1: Critical incidents that require an immediate and priority response. They include attacks that compromise the integrity, confidentiality or availability of systems and data, as well as threats that put the physical security of users at risk.

– Level 2: High priority incidents that require a timely response. They include attacks that affect the availability of services, compromise sensitive information, and threaten to have a significant impact on the security of systems.

– Level 3: Medium priority incidents that require a response within a reasonable time frame. They include incidents that do not represent an immediate risk but require attention and follow-up to avoid possible negative consequences.

– Level 4: Low priority incidents that can be addressed over a longer time frame. They include minor or lower-impact incidents that do not require an immediate response, but must be evaluated and resolved within a reasonable time.

HEIMCORE C-SIRT support levels are established based on the type and severity of the incidents or problems reported, as well as the size of the affected community and the resources available at the time. The CSIRT response will be provided within a reasonable time frame and resources will be allocated according to the following priorities, in descending order:

  1. Threats to Physical Security:

Priority will be given to dealing with incidents that pose an immediate risk to people’s physical integrity.

  2. Attacks on Critical Infrastructure:

Incidents affecting information management systems or network infrastructure will receive a rapid and focused response.

  3. Attacks on Public Service Equipment:

Incidents affecting public service equipment, whether multi-user or dedicated, will be addressed in order to minimize the impact on the provision of essential services.

  4. Compromise of Confidential Information:

Incidents involving unauthorized access or exposure of sensitive information will be addressed on a priority basis, especially those affecting restricted accounts or administration systems.

  5. Denial of Service Attacks:

Denial of service attacks affecting any of the above points will be responded to in a timely manner in order to mitigate the impact on the availability of systems and services.

  6. Other Types of Attacks:

Attention will be given to other types of attacks not mentioned above, assessing the severity and scope of each case individually.

  7. Incident Investigation and Response:

Thorough investigations will be conducted and incident responses will be provided within a reasonable time frame, taking into account the availability of resources and the priority assigned to each case.

It is important to note that response priority may be adjusted based on the specific circumstances of each incident and the risk assessment performed by the HEIMCORE C-SIRT. The main objective is to ensure the security and protection of the infrastructure and assets of the organizations involved, as well as to minimize the impact caused by security incidents.

3. Communication and Information Sharing

HEIMCORE C-SIRT promotes communication and information sharing to collaborate in the prevention and resolution of security incidents. Cooperation agreements will be established with other CSIRTs, security agencies and service providers to exchange information on threats, vulnerabilities and best practices. The communication of information will be governed by the following guidelines:

Confidentiality

The identity and confidential information of clients and Heimcore will be protected at all times. Information classified as confidential will be handled in accordance with Heimcore's internal policies and procedures.

Authentication

Authentication and validation measures will be implemented for the identity of the parties involved in the communication of sensitive information.

4. Publication of Information

HEIMCORE C-SIRT is committed to complying with all legal and ethical restrictions related to the sharing of information. We recognize the importance of fostering collaboration and cooperation in the field of computer security to prevent and resolve incidents effectively. Our information disclosure policy is based on the following principles:

  1. Confidentiality of Private Information:

– Private User Information: No identifiable information about individual users or specific applications will be published outside of the HEIMCORE C-SIRT. Users’ identities will be protected and modified to preserve their anonymity in any presentation or report.
– Intruder Information: No information that could identify intruders will be shared unless required for legal or judicial matters, in which case it will be shared only with competent authorities and other trusted CSIRTs.

  2. Responsible Disclosure:

– Vulnerability Information: Technical information on vulnerabilities, attacks and mitigations will be shared, following best practices and agreed procedures. Reasonable efforts will be made to notify manufacturers prior to public disclosure on the Internet.
– Private Information from Sites or Systems: No specific technical information about systems or sites will be disclosed without the prior consent of those responsible for such infrastructure.
– Sensitive Information: Information that may cause embarrassment or harm to individual users, organizations or groups will not be published without their express consent.

  3. Communication and Cooperation:

– CSIRT Heimcore Member Exchange: Heimcore network members will be provided with the information necessary to address security incidents in their respective areas of responsibility and jurisdictions.
– Heimcore CEO: Heimcore’s CEO will have access to relevant information on security incidents and related issues to make decisions and coordinate necessary actions.
– Heimcore Network Administrators: Heimcore member network administrators will receive relevant information to troubleshoot and protect their networks, servers and systems.
– Heimcore Users: Users will be provided with information regarding the security of their accounts and will be assisted in investigating and mitigating any incidents affecting their systems.
– Heimcore Community: Unrestricted information will be shared with the general community unless otherwise specified by the affected parties. The dissemination of statistical information and good practices will help raise awareness and strengthen security in the community.
– External Cooperation: The HEIMCORE C-SIRT will collaborate responsibly and confidentially with other CSIRTs, entities, and manufacturers in resolving security incidents and improving the overall security environment.

We are committed to providing effective cooperation and confidentiality in all exchanges of information by following applicable laws and regulations. Security and privacy protection are our priority as we work together to maintain a safe digital environment for all Heimcore members and the community at large.

5. Continuous Evaluation and Improvement

The HEIMCORE C-SIRT will conduct periodic evaluations of its performance and effectiveness in managing incidents. Metrics will be collected, and results analyzed to identify areas for improvement and implement corrective actions. The goal is to maintain a high level of quality in incident response and to adapt to new security threats and challenges.

These policies establish the guidelines and principles that govern the operations of HEIMCORE C-SIRT in managing security incidents. They will be reviewed and updated periodically to ensure their validity and relevance in a constantly evolving environment.

Legal Notice:

While every precaution has been taken in the preparation of information, notifications and alerts, HEIMCORE C-SIRT assumes no responsibility for errors, omissions or damages resulting from the information contained herein. HEIMCORE C-SIRT reserves the right to modify these policies at any time without prior notice.

Heimcore SOC/CSIRT Team

PUC: 57 (601) 5804352
Mobile #: 304 2218925

csirt@heimcore.com.co

Calle 98 # 70-91 Oficina 202-203

Centro Empresarial Pontevedra
Bogotá, Colombia

Sunday to Sunday
24/7
SOC First Level Support

We guarantee your privacy: use PGP with our public key to encrypt your messages. Contact us for more information.

KEYID: 8996 1E77 367A 3BDB
FINGERPRINT: E17A 2391 D092 8658 0197 AE6E DF2A 0615 F3E3 2CB4
