Intesa Sanpaolo established a Computer Emergency Readiness Team (CERT) with the mission of identifying and assessing the cyber threats which might have a potential impact on the Group, coordinate the response against cyber security related incidents and provide timely advice to all its constituency. The CERT is authorized to operate under the name "ISP-CERT" by Carnegie Mellon.
Identify threats which might have a potential impact on the Intesa Sanpaolo Group through security intelligence activities;
Assess the threat landscape and coordinate the response so to prevent potential impacts on the Group's business;
Keep the Group constituency informed on potential threats and attackers TTPs possibly before they are actively exploited;
When an incident occurs, working closely with the other internal functions and stakeholders, ensure impacts are evaluated, the response actions are assigned and addressed correctly, the resulting remediation plan is effective;
Actively develop and promote an information sharing network among the Costituency and with external entities;
Coordinate the communication for the Group with supervisory authority and regulators.
Furthermore, the Intesa Sanpaolo CERT maintains contacts with other external incident response teams as well as with national and European institutions and government entities.
The ISP-CERT is authorized to handle critical incidents that occur, or threaten to occur, to the Intesa Sanpaolo Group. The level of support given by ISP-CERT will vary depending on e.g. type and severity of the incident, the resulting impacts, the perimeter affected and the target involved.
ISP-CERT is also committed to keeping its constituency informed of potential threats and attackers TTPs possibly before they are actively exploited.
The Intesa Sanpaolo CERT constituencies consists of all entities of Intesa Sanpaolo Group, including the holding and all the affiliated entities.
The constituencies are located mainly in the following countries: Italy, Russia, Albania, Czech, Slovenia, Slovakia, Croatia, Romania, Egypt, Serbia, Bosnia Herzegovina, Hungary and in any other country where the Intesa Sanpaolo Group operates.
ISP-CERT service offering is built around three key domains:
Cyber Threat Surveillance
Cyber incident Response
ISP-CERT assists and coordinates the response to cyber security incidents within its constituency to ensure incidents are handled effectively and efficiently. In case of incident, ISP-CERT will support with respect to the following aspects of incident management:
Collection, correlation and analysis of the information provided by the various sources;
Classification of the incident to determine the overall severity of the event on the bases of impacts assessment with the support of the company functions/entities involved;
Coordination of the stakeholders, internal communication and escalation process;
Identification of the appropriate actions and coordination of the response of the stakeholders involved;
Coordination of the external reporting to authorities/regulators with support of the competent internal function;
Constantly monitoring of the incident evolution and the progress of the assigned tasks;
Advise the involved entity for designing and implementing the appropriate countermeasures;
Support for restoring the affected service to its previous state;
Constantly monitoring of the remediation plan;
Contacting the CERT
The preferred method for contacting the ISP-CERT is via e-mail at firstname.lastname@example.org.
The mailbox is monitored during regular office hours: Monday to Friday, 08.30 to 17.00 Central European Time Zone (GMT+0100 and GMT+0200 from the last Sunday of March to the last Sunday of October), except during public holidays in Italy.
Please use PGP if you plan to send sensitive information.
Urgent cases can be reported preferably by phone to +39 0287966093 which is monitored 24x7x365.
ISP-CERT provides a "Group Reporting Form" to its constituency.
In case an incident has to be reported from outside ISP-CERT's constituents, please report at least the following information, preferably using encrypted e-mail:
Contact details of the reporting organizational (name, e-mail address, telephone);
Date and Time of the occurrence of the event, if known;
Type of Incident;
Description of the incident;
IP address(es), FQDN(s), and any other relevant technical element with associated observation;
Any relevant artifact or log related to the event.
ISP-CERT supports the Information Sharing Traffic Light Protocol; information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled accordingly.