RFC-2350 Document Information: This document provides a description of FIN-CSIRT in accordance with RFC-2350.

1.1. Date of last document change: Version 2.2 - 2025/18/02
1.2. Distribution list for notifications: N/A
1.3. Location where the document can be accessed: https://www.fin-csirt.rs/rfc-2350.txt

2.1. Team name: FIN-CSIRT (Incident Prevention Center for ICT Systems of Financial Institutions)
2.2. Address: Bulevar kralja Aleksandra 86/II, 11000 Belgrade, Serbia
2.3. Time zone: CET
2.4. Working hours: Monday - Friday (7:30-15:30)
2.5. Phone number: +381113020525
2.6. Email: info@fin-csirt.rs
2.7. Information on encryption type and public key:
     Key ID: 2DA33266598315F5
     Fingerprint: AE41AD4550248F8632477E532DA33266598315F5
     Public key: https://www.fin-csirt.rs/pubkey.txt
2.8. Team members: The names of team members are not publicly available. Team members will be identified by their full names in official communication with the incident reporting party.
2.9. Other information: https://www.fin-csirt.rs
2.10. Communication method with users: The preferred communication method with FIN-CSIRT is via email (info@fin-csirt.rs) or by phone during working hours. Outside working hours, FIN-CSIRT employees regularly monitor the mentioned email.

3.1. Mission
FIN-CSIRT provides support to its members in the event of threats, fraud, and incidents that may have a negative impact on their ICT systems. FIN-CSIRT’s role is to prevent and mitigate the escalation of incidents and to improve resilience to cyber incidents through timely information exchange. FIN-CSIRT also helps educate and raise awareness among its members and end-users of financial services in the country, with the goal of achieving a higher level of awareness about information security. FIN-CSIRT provides services based on the needs of its members and in agreement with them, with the aim of reducing the risks of cyber threats.

3.2. Establishment
FIN-CSIRT was established within the Association of Serbian Banks, in accordance with the activities that the association performs based on its founding documents.

3.3. Sponsorship and/or membership
FIN-CSIRT members can be financial institutions registered with the National Bank of Serbia.

3.4. Jurisdiction
FIN-CSIRT operates in accordance with the decisions of the Board of Directors of the Association of Serbian Banks and the internal rules of operation of FIN-CSIRT.

Operating Policy

4.1. Types of incidents and support level
FIN-CSIRT is authorized to assist in the prevention, remediation, and mitigation of all types of security-related incidents reported by its members.

4.2. Cooperation, joint actions, and handling of received information
FIN-CSIRT places importance on the exchange of information with other CERT teams and organizations that can contribute to better cybersecurity and the prevention of incidents. FIN-CSIRT treats all received information as confidential. Information may be shared with third parties if they are involved in the investigation or resolution of the reported incident. FIN-CSIRT operates within the laws of the Republic of Serbia (Information Security Law, Personal Data Protection Law, Banking Law).

4.3. Communication and identity verification
Email and phones are considered sufficiently secure for sending information that is not considered particularly sensitive. In the case of sending sensitive data, email (info@fin-csirt.rs) with PGP encryption will be used. If necessary, the identity of the person reporting the incident can be verified using trust networks or through a return phone call/email.

5.1. Incident response
FIN-CSIRT assists network and security administrators of ICT systems of its members in handling cyber incidents.

5.1.1. Incident triage
Determining the type of incident, priority, and impact. Identifying initial resources needed to resolve the issue.

5.1.2. Incident coordination
FIN-CSIRT mobilizes all available resources required for the incident investigation. It contacts third parties who may assist in resolving the incident. It contacts third parties who may be affected by the incident.

5.1.3. Incident resolution
FIN-CSIRT provides support to its members through information exchange on current threats, risks, incidents, control measures, and experiences gained through the analysis of current events in the cyber environment. FIN-CSIRT provides full support.

5.2. Proactive activities
FIN-CSIRT conducts regular activities to raise awareness about information security among its members and users of financial services.

6. Incident reporting form: info@fin-csirt.rs

7. Disclaimer
Although every precaution will be taken in the preparation of information, notifications, and warnings, FIN-CSIRT does not accept responsibility for errors or omissions, or for any damages resulting from the use of the information contained therein.