RFC 2350 - Rabobank

The following profile of Rabobank has been established in adherence to RFC-2350.

1. Document Information

1.1. Date of Last Update
This is version 1.0 (7th March 2016)

1.2. Distribution List for Notifications
Changes to this document are not distributed by a mailing list. Any specific questions or remarks please address to the Rabobank CSIRT mail address.

1.3. Locations where this Document May Be Found:


and can also be requested at CSIRT(at)rabobank.nl

2. Contact Information

2.1. Name of the Team
Rabobank CSIRT

2.2. Address
PO Box 17100
3500 HG Utrecht
The Netherlands

2.3 Time Zone
* CET, Central European Time
(UTC+1, between last Sunday in October and last Sunday in March)

* CEST (also CET DST), Central European Summer Time
(UTC+2, between last Sunday in March and last Sunday in October)

2.4. Telephone Number

2.5. Facsimile Number

2.6. Other Telecommunication

2.7. Electronic Mail Address

2.8. Public Keys and Encryption Information|
Rabobank uses PGP for digital signatures and to receive encrypted information. The key is available on public PGP/GPG keyservers and at:

Download the Rabobank CSIRT Public Key

2.9. Team Members
A full list of Rabobank CSIRT team members is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.

2.10. Other Information
General information about Rabobank in English is available at:

2.11. Points of CSIRT Contact
In any case use Rabobank CSIRT mail address, csirt(at)rabobank.nl or csirt(at)rabobank.com
Our regular response hours (local time, excl. public holidays in The Netherlands) are weekdays of the week from 09:00 – 17.00
Outside these hours the CSIRT Security Incident Manager is available for incidents and can be reached at +31 (0)6 10 81 20 76

3. Charter

3.1. Mission Statement
A brief summary of the goal of Rabobank CSIRT:
Rabobank CSIRT is the Group Wide Cyber Security Incident Response Team for Rabobank and its subsidiaries globally.
We will strive towards an efficient, rapid and unambiguous response towards cyber security threats and/or incidents.

The main tasks include:

• Coordination in case of large and/or group surpassing cyber security related incidents and threats. Examples (but not limited) are data leakage, computer viruses,

Hacking and vulnerabilities in applications and/or hardware;

• Proactive action to prevent cyber security related incidents or to prepare for such incidents and reduce the impact.

3.2. Authority
The main purpose in incident handling is the coordination of incident response. As such, we advise constituents and have no authority to demand certain actions.

4. Policies

4.1. Types of Incidents and Level of Support
Rabobank CSIRT handles various types of security incidents. The level of support depends on the type of the incident and the impact as determined by Rabobank CSIRT staff.

4.2. Co-operation, Interaction and Disclosure of Information
All incoming information is handled confidentially by RABOBANK CSIRT, regardless of its priority. Information that is evidently very sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies.

Rabobank CSIRT will use the information you provide to help solve security incidents. Information will only be distributed further to other teams and members on a need-to-know base, and preferably in an anonymized fashion.
Rabobank CSIRT uses the Information Sharing Traffic Light Protocol (IS-TLP) for classifying and colour coding information.

4.3. Communication and Authentication
The preferred method of communication is via e-mail. When the content is sensitive enough or requires authentication, the Rabobank CSIRT PGP key is used for signing e-mail messages. All sensitive communication to Rabobank CSIRT should be encrypted against the team’s PGP key.

5. Services

Incident response provides 24/7 availability to coordinate all types of Cyber Security related Incidents and consists of expertise, tools and other capabilities to act, analyse and communicate with stakeholders and media through the established channels.

5.1.1. Incident Triage
* Investigate whether an incident occurred.
* Determine the extent of the incident.

5.1.2. Incident Coordination
* Determine the initial cause of the incident.
* Facilitate contact with other sites which may be involved.
* Communicate with stakeholders and media through internal established channels

5.1.3. Incident Resolution
* Provide advice to the reporting party that will help removing the vulnerabilities thatcaused the incident and securing the systems from the effects of the incidents.
* Evaluate which actions are most suitable to provide desired results regarding the incident resolution.
* Provide assistance in evidence collection and data interpretation when needed.

5.2. Proactive Activities
Prevention and preparation consists of all activities in order to reduce the probability or impact of an incident for the constituents. Rabobank CSIRT provides the constituents with current information and advice on new threats, and attacks which may have impact on their operations and builds awareness and skills of employees. Rabobank CSIRT also performs Red Team activities, testing security measures in place to improve efficiency and awareness.

6 Incident Reporting Forms

There are no special forms required to report an incident.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, Rabobank CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.