(Información en inglés)
This is version 1.0, published 2021/09/17.
Notifications of updates to this document are submitted to internal staff members of Bank Sabadell.
The most updated and current version of this document is available on the Banc Sabadell web site:
URL Banc Sabadell.
Please ensure you are using the latest version of the document.
This document has been signed using the Banc Sabadell PGP key. The signatures are also on our Web site PGP Signature: URL Banc Sabadell.
Grupo Banco Sabadell CERT: Grupo Banco Sabadell Computer Emergency Response Team.
Banc Sabadell. S.A., Avenida Óscar Esplá, 37, 03007 Alicante, Spain
Central European Time - CET (GMT+0100, and GMT+0200 from April to October).
Please encrypt any sensitive e-mails with the Grupo Banco Sabadell CERT PGP key and send it to: firstname.lastname@example.org.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: Encryption Desktop 10.3.1 (Build 13100)
mQENBGCb8RcBCADIdKviwiKkkhr9ssqjee0lVF4BxqVdSfb/h7bMnb6Bc2NHaFk2 1zo+r5oNC6/BOagHWcnF/tmCIkyjIZGzOak+SivtQRP3ewlwG/sKxuNRJYyeZh2i WsZcNCSrnST9x+X6PQZ30LO2Ba2t+MWh9e37OHG7tW0+vPIlhe39iq+SnTUq03UO yxJ8H8Jsh1prHu9zL2ONgMtyP2+HQ7h85rd0b7Y7gHgZXiDFkcjPXAVm4PCQLgpq 4H6DNQoDyQ91udQYAGszXmgc9baWIDou8i2leGj5AkivGWHkAUrv/kxTQsCsH/ve pCHCfX+AkLgug/ntRGBxgon/nr1BevKOtWRvABEBAAG0MUNFUlQgR3J1cG8gQmFu Y28gU2FiYWRlbGwgPGNlcnRAYmFuY3NhYmFkZWxsLmNvbT6JAXIEEAECAFwFAmCb 8RcwFIAAAAAAIAAHcHJlZmVycmVkLWVtYWlsLWVuY29kaW5nQHBncC5jb21wZ3Bt aW1lCAsJCAcDAgEKAhkBBRsDAAAABRYAAwIBBR4BAAAABhUICQoDAgAKCRAe3dQV MX7ywNvEB/9MyhVO+Xqsj2P5VLUufB2euLEyOR/w6F7nllIHjkQba6wyhZJbR+fz +uRnzTeyLz/FWMERka8ZgAW45H08+8WB4TRq3zopgky7D4kE4Q+ZHRofCNGAVD6v HtuTx/3EUso3mDQek77s7t6b6LAJWy9eZStE3ghVgWgVoPDZnBfGt9kmRDn8e+rd 6CWD0i8gVz295SGpqiK535B4zBBZG5poC1Nwqf/D838Q2vYBuPoavsfCJpZvEwZ6 niMBQt0jiimqYe6IrYaDEN9R4Lpx/knqKoUUSlzVvEVl37vuCBVgFnm2FqcTKdcx 8s2y6Ye75mQzNoChwbF4MiL3UPwzxRfDuQENBGCb8RcBCACwWxvs/qN1X+IEa13e PF6gCLpGvSnJMW0dBEaqycHbj5NqdkeLOIXji/l7xHHAHodjguqYGtMIsH42Sabx PVJ7om4ExLcIbUWaCKggn5j9Q/FV4Dij4c7UhUcvSrnamgKKORbQVg+lyj2u8EiI MdOmzGgu47qt/GFlxXKQwk8Pv5QfvjftIqLb8OACC86su+biBrMr21qjaZ2CVp9e 5/1a+M/Vje0poUr+mwSIn5/LSGTxaWHpzip+oyxZid9CGrlQSepgFuwJoLNLoujv RPFMmYsP88FUyhYs6/nVQ6bB19oBNIL+T12p/1bKtzVkUHFYm7Au0uv2dh1IshZP ZUbxABEBAAGJAkEEGAECASsFAmCb8RgFGwwAAADAXSAEGQEIAAYFAmCb8RcACgkQ geYHicMXHDthvwf+OTS2r4GeoHr2HZhJVHbO0/MbmfR+CoZHjgsaLA2S3zagZihz sg9cQT5cxtdZ535FvYnUIcxnBZ8dxj4cgQtHOMe/YU4TUJiOJzLz6mo86X7L335J ZIdFjlHONK0/HxOsQCWPPhsKPdkbBuHxEWG0+Zavqlft2KPl1MobbPfhoY2WLGV3 On/U1xZF8TJR4kkd7KhNGfiQws+Chw4XkiAdvnGupBSGDlQFUN7xCAOXEG7Yt8KH vqW6ceJABC5q1MLyKoVcFCvgBiOX0rNqbnrbrhWN8YwmhHaG3FiRbKDZvgo0m0VT q2Ndn5/Rz3H4nSB29cFhuXd8Pp8hq8OVBfURxwAKCRAe3dQVMX7ywAIKB/9LTT9B rVC0Pvs1CDmWQXOunsMYVpmke2yHHjw4LLG07TISy++7zUGaO+ff02putOLZa/1H VcAvqbIE9g/jQiVd7yR11RNqbENDL4Ens8Um+fmEENnKNHxCzQieeZFDEd/Kmt05 K7ji7fmQCrqMKzjewsoNo7IS6WiYZ9NuaWSlJI8e+2PYhhC0hmNAVjHHQeXz5/wC 2rlMCNsxh0dqw8Z3KvxnnkjY0b6tBBplORVC7/ZldtR7xVzdjHVZqNhUXVT9eL5m 52zYhwGH3MuLbQ+wDR+pHFkSPDG7G4k7PjoD13bEM2HlLXevYgpd3wRxvDygi5D2 2kcMtjkEzJ7Rfnbh =DXZs
-----END PGP PUBLIC KEY BLOCK-----
No public information is provided about the Sabadell Banc CERT team members.
The preferred method for contacting the Grupo Banco Sabadell CERT is via e-mail.
For general inquiries, please send an e-mail to email@example.com
The purpose of the Grupo Banco Sabadell CERT is to provide a Response capability, formed by an Incident Handling team. CSIRT core services are responsible for monitoring, receiving, reviewing, validating, notifying and responding (takedown services) to security alerts.
Grupo Banco Sabadell CERT supports incident response and security services for Banc Sabadell Group, their customers and related organizations.
Grupo Banco Sabadell CERT is sponsored by Banco de Sabadell, S.A.
Grupo Banco Sabadell CERT operates under the auspices of, and with authority delegated by the IT Control Department of Banco de Sabadell, S.A.
Grupo Banco Sabadell CERT is authorized to address all types of computer security incidents that occur at its constituency.
All incident reports received by Grupo Banco Sabadell CERT are analyzed, classified and prioritized according to an internal incident classification policy so that an efficient and appropriate level of service is provided.
Resources will be assigned according to the following priorities:
Types of incidents other than those mentioned above will be prioritized according to their apparent severity and extent.
Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator, or department head for assistance. In most cases, Grupo Banco Sabadell CERT will provide pointers to the information needed to implement appropriate measures.
Grupo Banco Sabadell CERT is committed to keeping the constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.
Grupo Banco Sabadell CERT will cooperate with other organizations in the field of computer security. This cooperation also includes and often requires the exchange of information regarding security incidents and vulnerabilities. Nevertheless Grupo Banco Sabadell CERT will protect the privacy of its constituency and therefore (under normal circumstances) pass on information in an anonymized way only.
Grupo Banco Sabadell CERT will only provide information to other parties with the sole purpose of facilitating the tasks of containment, eradication and recovery of incidents under the general principle of providing the minimum information possible.
Grupo Banco Sabadell CERT operates under the restrictions imposed by the law of Spanish Data
Protection Authority. Therefore it is also possible that Grupo Banco Sabadell CERT may be forced to disclose information due to a Court’s order.
In view of the types of information that the Grupo Banco Sabadell CERT will likely be dealing with, telephones will be considered sufficiently secure to be used even if unencrypted. Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data. If it is necessary to send highly sensitive data by e-mail, PGP will be used. Network file transfers will be considered similar to e-mail for these purposes: sensitive data should be encrypted for transmission.
Where it is necessary to establish trust, for example before relying on information given to the Grupo Banco Sabadell CERT, or before disclosing confidential information, the identity of the other party will be ascertained to a reasonable degree of trust. Within Community, and with known neighbor sites, referrals from known trusted people will suffice to identify someone. Otherwise, appropriate methods will be used, such as a search of FIRST members, the use of WHOIS and other Internet registration information, etc., along with telephone call-back or e-mail mail-back to ensure that the party is not an impostor. Incoming e-mail whose data must be trusted will be checked with the originator personally, or by means of digital signatures (PGP in particular is supported).
Grupo Banco Sabadell CERT will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
Incident triage activities include:
Incident Coordination activities include:
Incident resolution activities include:
In addition, Grupo Banco Sabadell CERT will collect statistics concerning incidents that occur within or involve the community, and will notify the community as necessary to assist it in protecting against known attacks.
Grupo Banco Sabadell CERT will take part in proactive services with the objective to reduce the number of actual incidents by providing proper and suitable information concerning potential incidents to the constituency. Grupo Banco Sabadell CERT will perform proactive activities to improve performance and capabilities, such as:
All incidents will be reported via email using firstname.lastname@example.org.
While every precaution will be taken in the preparation of information, notifications and alerts, Grupo Banco Sabadell CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.